Copyright © 2012 Red Hat, Inc. All rights reserved. Low 2026-05-27T00:00:00 kernel: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-772

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The device_add_disk() error path in sd_probe() calls put_disk(gd); call put_disk(gd) here to mirror that cleanup.

A flaw was found in the Linux kernel's SCSI disk (sd) driver. When adding a new device, a failure in `device_add()` can lead to a resource leak where a gendisk remains referenced but is not properly freed. This missing cleanup, specifically the `put_disk()` call, can result in resource exhaustion. A local attacker could potentially exploit this to cause a Denial of Service (DoS) on the system.

Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-45997 https://nvd.nist.gov/vuln/detail/CVE-2026-45997 https://lore.kernel.org/linux-cve-announce/2026052741-CVE-2026-45997-1c32@gregkh/T