CVE-2026-45997 PUBLISHED

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The device_add_disk() error path in sd_probe() calls put_disk(gd); call put_disk(gd) here to mirror that cleanup.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 265dfe8ebbabae7959060bd1c3f75c2473b697ed to 262152ec37101f9dc524743ccdbd6c7641d14573 (excl.)
  • affected from 265dfe8ebbabae7959060bd1c3f75c2473b697ed to b64b4f499801b12d0e2785447e4df6c164c608a9 (excl.)
  • affected from 265dfe8ebbabae7959060bd1c3f75c2473b697ed to 13e550fbfccdb311e76ec96892dfe35f0dba0657 (excl.)
  • affected from 265dfe8ebbabae7959060bd1c3f75c2473b697ed to a95d38c5701431bfc826e7b18acc0785919d5c88 (excl.)
  • affected from 265dfe8ebbabae7959060bd1c3f75c2473b697ed to 1e111c4b3a726df1254670a5cc4868cedb946d37 (excl.)
  • Version d56459d361a9a99bead8b594635353053271356c is affected
  • Version a3e5a9208466b63f27a2509a691023b446ea5105 is affected
  • Version 4e8e6427319de323f613caa8fd37120df83138d0 is affected
  • Version eadb60bcc2005247d97dcb3becee57aba4024ff4 is affected
  • Version 350d048cc506368a316f0bc4082426b24a2a9fc0 is affected
  • Version 60df9f55562a57173a11b6c7011eee40dfa48157 is affected
  • Version e95f62013a1159eeea752bb52df0683ee77f70ca is affected
  • affected from 4.4.288 to 4.5 (excl.)
  • affected from 4.9.286 to 4.10 (excl.)
  • affected from 4.14.250 to 4.15 (excl.)
  • affected from 4.19.210 to 4.20 (excl.)
  • affected from 5.4.152 to 5.5 (excl.)
  • affected from 5.10.72 to 5.11 (excl.)
  • affected from 5.14.11 to 5.15 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 5.15 is affected
  • unaffected from 0 to 5.15 (excl.)
  • unaffected from 6.6.140 to 6.6.* (incl.)
  • unaffected from 6.12.86 to 6.12.* (incl.)
  • unaffected from 6.18.27 to 6.18.* (incl.)
  • unaffected from 7.0.4 to 7.0.* (incl.)
  • unaffected from 7.1-rc1 to * (incl.)

References