CVE Catalog

CVE-2026-45997

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability in the Linux kernel has been fixed related to the missing put_disk() call when device_add(&disk_dev) fails. This bug resulted in the scsi_disk being freed while the gendisk remained referenced.

Risk Assessment

The lack of proper resource cleanup may lead to memory leaks and system instability, threatening the integrity and availability of services.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper resource management.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The device_add_disk() error path in sd_probe() calls put_disk(gd); call put_disk(gd) here to mirror that cleanup.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS