In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

If device_add(&sdkp->disk_dev) fails, put_device() runs
scsi_disk_release(), which frees the scsi_disk but leaves the gendisk
referenced. The device_add_disk() error path in sd_probe() calls
put_disk(gd); call put_disk(gd) here to mirror that cleanup.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
265dfe8ebbabae7959060bd1c3f75c2473b697ed affected < 262152ec37101f9dc524743ccdbd6c7641d14573
265dfe8ebbabae7959060bd1c3f75c2473b697ed affected < b64b4f499801b12d0e2785447e4df6c164c608a9
265dfe8ebbabae7959060bd1c3f75c2473b697ed affected < 13e550fbfccdb311e76ec96892dfe35f0dba0657
265dfe8ebbabae7959060bd1c3f75c2473b697ed affected < a95d38c5701431bfc826e7b18acc0785919d5c88
265dfe8ebbabae7959060bd1c3f75c2473b697ed affected < 1e111c4b3a726df1254670a5cc4868cedb946d37
d56459d361a9a99bead8b594635353053271356c affected
a3e5a9208466b63f27a2509a691023b446ea5105 affected
4e8e6427319de323f613caa8fd37120df83138d0 affected
eadb60bcc2005247d97dcb3becee57aba4024ff4 affected
350d048cc506368a316f0bc4082426b24a2a9fc0 affected
60df9f55562a57173a11b6c7011eee40dfa48157 affected
e95f62013a1159eeea752bb52df0683ee77f70ca affected
4.4.288 affected < 4.5
4.9.286 affected < 4.10
4.14.250 affected < 4.15
4.19.210 affected < 4.20
5.4.152 affected < 5.5
5.10.72 affected < 5.11
5.14.11 affected < 5.15
Linux Linux affected
Version Status Constraints
5.15 affected
0 unaffected < 5.15
6.6.140 unaffected ≤ 6.6.*
6.12.86 unaffected ≤ 6.12.*
6.18.27 unaffected ≤ 6.18.*
7.0.4 unaffected ≤ 7.0.*
7.1-rc1 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/13e550fbfccdb311e76ec96892dfe35f0dba0657 cve-icon cve-icon
https://git.kernel.org/stable/c/1e111c4b3a726df1254670a5cc4868cedb946d37 cve-icon cve-icon
https://git.kernel.org/stable/c/262152ec37101f9dc524743ccdbd6c7641d14573 cve-icon cve-icon
https://git.kernel.org/stable/c/a95d38c5701431bfc826e7b18acc0785919d5c88 cve-icon cve-icon
https://git.kernel.org/stable/c/b64b4f499801b12d0e2785447e4df6c164c608a9 cve-icon cve-icon
History

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The device_add_disk() error path in sd_probe() calls put_disk(gd); call put_disk(gd) here to mirror that cleanup.
Title scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:55:51.154Z

Reserved: 2026-05-13T15:03:33.091Z

Link: CVE-2026-45997

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:17.280

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45997

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T21:45:42Z

Weaknesses

No weakness.