VYPR
Medium severity5.5NVD Advisory· Published May 27, 2026· Updated Jun 16, 2026

CVE-2026-45997

CVE-2026-45997

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The device_add_disk() error path in sd_probe() calls put_disk(gd); call put_disk(gd) here to mirror that cleanup.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Linux/Kernel8 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.4.288,<4.5
    • cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.