CVE-2026-45872 PUBLISHED

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

pqi_report_phys_luns() fails to release the rpl_list buffer when encountering an unsupported data format or when the allocation for rpl_16byte_wwid_list fails. These early returns bypass the cleanup logic, leading to memory leaks.

Consolidate the error handling by adding an out_free_rpl_list label and use goto statements to ensure rpl_list is consistently freed on failure.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 28ca6d876c5a375094847606046e0bf5d044d9b4 to f471ecfec093e39ef8fd08978413793087daa14d (excl.)
  • affected from 28ca6d876c5a375094847606046e0bf5d044d9b4 to fdf1188cfa80f88c9f18d58cb33d57ff40e70e26 (excl.)
  • affected from 28ca6d876c5a375094847606046e0bf5d044d9b4 to d52e13122d3771f753dd73ae6512fa01f58015cb (excl.)
  • affected from 28ca6d876c5a375094847606046e0bf5d044d9b4 to e5579ebaadc7b699868dad0f591a7bf83cd647e1 (excl.)
  • affected from 28ca6d876c5a375094847606046e0bf5d044d9b4 to 454570434114e4862767f506a442a0f110b639b2 (excl.)
  • affected from 28ca6d876c5a375094847606046e0bf5d044d9b4 to 41b37312bd9722af77ec7817ccf22d7a4880c289 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 5.16 is affected
  • unaffected from 0 to 5.16 (excl.)
  • unaffected from 6.1.165 to 6.1.* (incl.)
  • unaffected from 6.6.128 to 6.6.* (incl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.14 to 6.18.* (incl.)
  • unaffected from 6.19.4 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References