CVE-2026-45997

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The device_add_disk() error path in sd_probe() calls put_disk(gd); call put_disk(gd) here to mirror that cleanup.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux265dfe8ebbabae7959060bd1c3f75c2473b697ed < 2c2c14b7dfccad8c5a28802849e40c21252e4c28affected
LinuxLinux265dfe8ebbabae7959060bd1c3f75c2473b697ed < 262152ec37101f9dc524743ccdbd6c7641d14573affected
LinuxLinux265dfe8ebbabae7959060bd1c3f75c2473b697ed < b64b4f499801b12d0e2785447e4df6c164c608a9affected
LinuxLinux265dfe8ebbabae7959060bd1c3f75c2473b697ed < 13e550fbfccdb311e76ec96892dfe35f0dba0657affected
LinuxLinux265dfe8ebbabae7959060bd1c3f75c2473b697ed < a95d38c5701431bfc826e7b18acc0785919d5c88affected
LinuxLinux265dfe8ebbabae7959060bd1c3f75c2473b697ed < 1e111c4b3a726df1254670a5cc4868cedb946d37affected
LinuxLinuxd56459d361a9a99bead8b594635353053271356caffected
LinuxLinuxa3e5a9208466b63f27a2509a691023b446ea5105affected
LinuxLinux4e8e6427319de323f613caa8fd37120df83138d0affected
LinuxLinuxeadb60bcc2005247d97dcb3becee57aba4024ff4affected
LinuxLinux350d048cc506368a316f0bc4082426b24a2a9fc0affected
LinuxLinux60df9f55562a57173a11b6c7011eee40dfa48157affected
LinuxLinuxe95f62013a1159eeea752bb52df0683ee77f70caaffected
LinuxLinux4.4.288 < 4.5affected
LinuxLinux4.9.286 < 4.10affected
LinuxLinux4.14.250 < 4.15affected
LinuxLinux4.19.210 < 4.20affected
LinuxLinux5.4.152 < 5.5affected
LinuxLinux5.10.72 < 5.11affected
LinuxLinux5.14.11 < 5.15affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.86 <= 6.12.*unaffected
LinuxLinux6.18.27 <= 6.18.*unaffected
LinuxLinux7.0.4 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References