CVE-2024-27392: Vulnerability in Linux Linux

High
Published: Wed May 01 2024 (05/01/2024, 13:05:20 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse() calls kfree() for the pointer even when nvme_identify_ns() fails. This results in KASAN double-free, which was observed with blktests nvme/045 with proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by skipping kfree() when nvme_identify_ns() fails.

AI-Powered Analysis

Last updated: 06/29/2025, 15:25:01 UTC

Technical Analysis

CVE-2024-27392 is a vulnerability in the Linux kernel's NVMe (Non-Volatile Memory Express) host driver. The issue is in the function ns_update_nuse(), which manages namespace updates for NVMe devices. When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before returning. However, ns_update_nuse() then frees the same pointer unconditionally, which produces a double-free. The double-free was detected by the Kernel Address Sanitizer (KASAN) during testing, notably with blktests nvme/045 on kernel v6.8-rc7. A double-free can cause undefined behavior, including kernel memory corruption, crashes, or denial of service. The root cause is that ns_update_nuse() does not check the return status of nvme_identify_ns() before freeing the pointer again. The fix skips the second free (kfree()) when nvme_identify_ns() fails, so the buffer is released only once. This vulnerability is specific to the Linux kernel NVMe subsystem and affects kernel versions that do not include the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
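The ownership mistake described above, shown as an added userspace example that is not the kernel's code: the callee releases the buffer on failure, and the caller either frees it again (before the fix) or returns early (after the fix). All function names, the static buffer and the sample values are hypothetical stand-ins; the model counts releases instead of touching the heap.

```c
#include <stdio.h>

/* Userspace model of the ownership bug; every name here is a hypothetical
 * stand-in, not the kernel's code. */
struct id_ns { unsigned long long nuse; };

static struct id_ns slot;   /* one static object, so the model never misuses the heap */
static int releases;        /* times the buffer was released in the current call */

static void model_kfree(struct id_ns *p) { if (p) releases++; }

/* Callee contract from the description: on failure it frees *id before returning. */
static int model_identify_ns(int device_ok, struct id_ns **id)
{
    *id = &slot;                    /* stands in for the allocation */
    if (!device_ok) {
        model_kfree(*id);           /* callee releases the buffer on error */
        return -5;                  /* -EIO */
    }
    (*id)->nuse = 42;               /* constructed sample value */
    return 0;
}

/* Before the fix: the caller frees regardless of the return value. */
static int update_nuse_before(int device_ok)
{
    struct id_ns *id = NULL;
    releases = 0;
    model_identify_ns(device_ok, &id);  /* return value does not guard the free */
    model_kfree(id);                    /* second release when the call failed */
    return releases;
}

/* After the fix: skip the free when the callee failed (it already freed). */
static int update_nuse_after(int device_ok)
{
    struct id_ns *id = NULL;
    releases = 0;
    if (model_identify_ns(device_ok, &id))
        return releases;
    model_kfree(id);
    return releases;
}

int main(void)
{
    printf("before fix, identify fails: %d releases\n", update_nuse_before(0));
    printf("after fix,  identify fails: %d releases\n", update_nuse_after(0));
    return 0;
}
```

A release count of 2 on the failure path is the double-free; the success path releases exactly once in both versions.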

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions with NVMe storage devices. The NVMe subsystem is widely used in enterprise servers, cloud infrastructure, and high-performance computing environments common in Europe. Exploitation could lead to kernel crashes or denial of service, impacting availability of critical systems and services. While no direct remote exploitation vector is indicated, local attackers or malicious processes with kernel interaction capabilities could trigger the double-free, potentially leading to system instability or facilitating privilege escalation in complex attack chains. This could disrupt operations in sectors relying on Linux-based infrastructure such as finance, telecommunications, government, and manufacturing. The lack of known exploits reduces immediate risk, but the vulnerability's presence in a core kernel component means that timely patching is essential to maintain system integrity and availability.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions that include the fix for CVE-2024-27392. Specifically, kernel maintainers and distributors should apply the patch that prevents the double-free by skipping the second kfree() call when nvme_identify_ns() fails. System administrators should audit their environments to identify Linux systems using NVMe devices and verify kernel versions against the fixed releases. For environments where immediate patching is not feasible, implementing strict access controls to limit unprivileged users' ability to interact with kernel NVMe interfaces can reduce exploitation risk. Additionally, enabling kernel memory error detectors such as KASAN in testing environments can help detect similar issues proactively. Monitoring kernel logs for unusual crashes or memory errors related to NVMe operations can provide early warning signs. Coordination with Linux distribution vendors for timely security updates is also recommended.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-25T13:47:42.677Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe3332

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 3:25:01 PM

Last updated: 8/11/2025, 1:44:30 AM
