PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45997 Linux CVE debrief

A vulnerability in the Linux kernel's SCSI disk (sd) driver could lead to a resource leak when device registration fails. The issue occurs in the error handling path of the SCSI disk probe function: if `device_add()` fails for the disk device, the cleanup code calls `put_device()` which triggers `scsi_disk_release()` to free the `scsi_disk` structure, but the associated `gendisk` structure remains referenced without being released. This leaves the gendisk with an elevated reference count, causing a memory leak. The fix adds a `put_disk()` call in this error path to mirror the cleanup behavior used in the `device_add_disk()` error path within `sd_probe()`. The vulnerability was resolved in the Linux kernel stable branches.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators managing servers with SCSI, SAS, or SATA storage devices; kernel maintainers; organizations running custom kernel builds

Technical summary

The vulnerability exists in the probe error handling of the SCSI disk driver, in `drivers/scsi/sd.c`. When `device_add(&sdkp->disk_dev)` fails, the existing cleanup calls `put_device()`, which releases the `scsi_disk` but not the `gendisk`. The fix adds `put_disk(gd)` to decrement the gendisk reference count, preventing the memory leak. This mirrors the cleanup pattern already present in the `device_add_disk()` error path of `sd_probe()`.
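The reference imbalance described above, as an added userspace model that is not the kernel's code: the struct and function names echo the kernel's, but their bodies are simplified stand-ins. `device_add_fails()` and `probe_error_path()` are hypothetical helpers, and each object is assumed to start with a single reference.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model: names echo the kernel's, bodies are simplified stand-ins. */
struct gendisk   { int refs; bool freed; };
struct scsi_disk { int refs; bool freed; struct gendisk *disk; };

/* Drop one gendisk reference; the object is released when the count hits 0. */
static void put_disk(struct gendisk *gd)
{
    if (--gd->refs == 0)
        gd->freed = true;
}

/* Models scsi_disk_release() as described: it frees the scsi_disk only. */
static void scsi_disk_release(struct scsi_disk *sdkp)
{
    sdkp->freed = true;            /* note: no put_disk(sdkp->disk) here */
}

/* Models put_device(&sdkp->disk_dev): last reference runs the release. */
static void put_device(struct scsi_disk *sdkp)
{
    if (--sdkp->refs == 0)
        scsi_disk_release(sdkp);
}

/* Hypothetical stand-in for a device_add() call that fails. */
static int device_add_fails(struct scsi_disk *sdkp) { (void)sdkp; return -1; }

/* Runs the modeled error path; returns gendisk references still held. */
int probe_error_path(bool with_fix, bool *sdkp_freed)
{
    struct gendisk gd = { .refs = 1, .freed = false };
    struct scsi_disk sdkp = { .refs = 1, .freed = false, .disk = &gd };
    if (device_add_fails(&sdkp)) {
        put_device(&sdkp);         /* existing cleanup: scsi_disk released */
        if (with_fix)
            put_disk(&gd);         /* added by the fix: gendisk released too */
    }
    *sdkp_freed = sdkp.freed;
    return gd.refs;                /* nonzero means the gendisk was leaked */
}
int main(void)
{
    bool f;
    printf("unfixed: %d gendisk ref(s) left\n", probe_error_path(false, &f));
    printf("fixed:   %d gendisk ref(s) left\n", probe_error_path(true, &f));
    return 0;
}
```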

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution that include the fix for CVE-2026-45997
  • Verify kernel version includes commits addressing the SCSI sd driver memory leak in the device_add error path
  • Monitor system memory usage on systems with SCSI/SATA storage devices for potential resource exhaustion indicators
  • Review kernel changelogs for stable kernel branches to confirm the fix is present

Evidence notes

The CVE description and kernel commit references confirm this is a memory leak fix in the SCSI sd driver error handling path. The fix ensures proper reference counting cleanup when `device_add(&disk_dev)` fails.
