CVE-2023-53174

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix possible memory leak if device_add() fails

If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to decrease the reference count in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < 63956ad27a6882f01fea7c69e17823090f4c7b3faffected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < 06c5340858011aa1195aec43a776e3185fbf7f56affected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < e12fac07f61caac9c5b186d827658b3470787619affected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < aa9a76d5ffdecd3b52ac333eb89361b0c9fe04e8affected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < 6bc7f4c8c27d526f968788b8a985896755b1df35affected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < b191ff1f075c4875f11271cbf0093e6e044a12aaaffected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < 43c0e16d0c5ec59398b405f4c4aa5a076e656c3faffected
LinuxLinuxee959b00c335d7780136c5abda37809191fe52c3 < 04b5b5cb0136ce970333a9c6cec7e46adba1ea3aaffected
LinuxLinux2.6.26affected
LinuxLinux0 < 2.6.26unaffected
LinuxLinux4.14.323 <= 4.14.*unaffected
LinuxLinux4.19.292 <= 4.19.*unaffected
LinuxLinux5.4.254 <= 5.4.*unaffected
LinuxLinux5.10.191 <= 5.10.*unaffected
LinuxLinux5.15.127 <= 5.15.*unaffected
LinuxLinux6.1.46 <= 6.1.*unaffected
LinuxLinux6.4.11 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References