{"api_version":"1","generated_at":"2026-06-24T23:23:41+00:00","cve":"CVE-2026-45997","urls":{"html":"https://cve.report/CVE-2026-45997","api":"https://cve.report/api/cve/CVE-2026-45997.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-45997","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-45997"},"summary":{"title":"scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: fix missing put_disk() when device_add(&disk_dev) fails\n\nIf device_add(&sdkp->disk_dev) fails, put_device() runs\nscsi_disk_release(), which frees the scsi_disk but leaves the gendisk\nreferenced. The device_add_disk() error path in sd_probe() calls\nput_disk(gd); call put_disk(gd) here to mirror that cleanup.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-27 14:17:17","updated_at":"2026-06-16 13:41:25"},"problem_types":["NVD-CWE-noinfo"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/262152ec37101f9dc524743ccdbd6c7641d14573","name":"https://git.kernel.org/stable/c/262152ec37101f9dc524743ccdbd6c7641d14573","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1e111c4b3a726df1254670a5cc4868cedb946d37","name":"https://git.kernel.org/stable/c/1e111c4b3a726df1254670a5cc4868cedb946d37","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/2c2c14b7dfccad8c5a28802849e40c21252e4c28","name":"https://git.kernel.org/stable/c/2c2c14b7dfccad8c5a28802849e40c21252e4c28","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b64b4f499801b12d0e2785447e4df6c164c608a9","name":"https://git.kernel.org/stable/c/b64b4f499801b12d0e2785447e4df6c164c608a9","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/13e550fbfccdb311e76ec96892dfe35f0dba0657","name":"https://git.kernel.org/stable/c/13e550fbfccdb311e76ec96892dfe35f0dba0657","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a95d38c5701431bfc826e7b18acc0785919d5c88","name":"https://git.kernel.org/stable/c/a95d38c5701431bfc826e7b18acc0785919d5c88","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45997","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45997","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 265dfe8ebbabae7959060bd1c3f75c2473b697ed 2c2c14b7dfccad8c5a28802849e40c21252e4c28 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 265dfe8ebbabae7959060bd1c3f75c2473b697ed 262152ec37101f9dc524743ccdbd6c7641d14573 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 265dfe8ebbabae7959060bd1c3f75c2473b697ed b64b4f499801b12d0e2785447e4df6c164c608a9 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 265dfe8ebbabae7959060bd1c3f75c2473b697ed 13e550fbfccdb311e76ec96892dfe35f0dba0657 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 265dfe8ebbabae7959060bd1c3f75c2473b697ed a95d38c5701431bfc826e7b18acc0785919d5c88 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 265dfe8ebbabae7959060bd1c3f75c2473b697ed 1e111c4b3a726df1254670a5cc4868cedb946d37 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected d56459d361a9a99bead8b594635353053271356c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a3e5a9208466b63f27a2509a691023b446ea5105 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4e8e6427319de323f613caa8fd37120df83138d0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected eadb60bcc2005247d97dcb3becee57aba4024ff4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 350d048cc506368a316f0bc4082426b24a2a9fc0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 60df9f55562a57173a11b6c7011eee40dfa48157 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected e95f62013a1159eeea752bb52df0683ee77f70ca git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.4.288 4.5 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.9.286 4.10 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.14.250 4.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.19.210 4.20 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.4.152 5.5 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.10.72 5.11 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.14.11 5.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.15","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.175 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.140 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.86 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.27 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.4 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"45997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"45997","cve":"CVE-2026-45997","epss":"0.000320000","percentile":"0.097350000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/scsi/sd.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"2c2c14b7dfccad8c5a28802849e40c21252e4c28","status":"affected","version":"265dfe8ebbabae7959060bd1c3f75c2473b697ed","versionType":"git"},{"lessThan":"262152ec37101f9dc524743ccdbd6c7641d14573","status":"affected","version":"265dfe8ebbabae7959060bd1c3f75c2473b697ed","versionType":"git"},{"lessThan":"b64b4f499801b12d0e2785447e4df6c164c608a9","status":"affected","version":"265dfe8ebbabae7959060bd1c3f75c2473b697ed","versionType":"git"},{"lessThan":"13e550fbfccdb311e76ec96892dfe35f0dba0657","status":"affected","version":"265dfe8ebbabae7959060bd1c3f75c2473b697ed","versionType":"git"},{"lessThan":"a95d38c5701431bfc826e7b18acc0785919d5c88","status":"affected","version":"265dfe8ebbabae7959060bd1c3f75c2473b697ed","versionType":"git"},{"lessThan":"1e111c4b3a726df1254670a5cc4868cedb946d37","status":"affected","version":"265dfe8ebbabae7959060bd1c3f75c2473b697ed","versionType":"git"},{"status":"affected","version":"d56459d361a9a99bead8b594635353053271356c","versionType":"git"},{"status":"affected","version":"a3e5a9208466b63f27a2509a691023b446ea5105","versionType":"git"},{"status":"affected","version":"4e8e6427319de323f613caa8fd37120df83138d0","versionType":"git"},{"status":"affected","version":"eadb60bcc2005247d97dcb3becee57aba4024ff4","versionType":"git"},{"status":"affected","version":"350d048cc506368a316f0bc4082426b24a2a9fc0","versionType":"git"},{"status":"affected","version":"60df9f55562a57173a11b6c7011eee40dfa48157","versionType":"git"},{"status":"affected","version":"e95f62013a1159eeea752bb52df0683ee77f70ca","versionType":"git"},{"lessThan":"4.5","status":"affected","version":"4.4.288","versionType":"semver"},{"lessThan":"4.10","status":"affected","version":"4.9.286","versionType":"semver"},{"lessThan":"4.15","status":"affected","version":"4.14.250","versionType":"semver"},{"lessThan":"4.20","status":"affected","version":"4.19.210","versionType":"semver"},{"lessThan":"5.5","status":"affected","version":"5.4.152","versionType":"semver"},{"lessThan":"5.11","status":"affected","version":"5.10.72","versionType":"semver"},{"lessThan":"5.15","status":"affected","version":"5.14.11","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/scsi/sd.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"5.15"},{"lessThan":"5.15","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.175","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.140","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.86","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.27","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.175","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.140","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.86","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.27","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.4","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.288","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.286","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.250","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.210","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.152","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.72","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14.11","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: fix missing put_disk() when device_add(&disk_dev) fails\n\nIf device_add(&sdkp->disk_dev) fails, put_device() runs\nscsi_disk_release(), which frees the scsi_disk but leaves the gendisk\nreferenced. The device_add_disk() error path in sd_probe() calls\nput_disk(gd); call put_disk(gd) here to mirror that cleanup."}],"providerMetadata":{"dateUpdated":"2026-06-14T17:47:03.622Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/2c2c14b7dfccad8c5a28802849e40c21252e4c28"},{"url":"https://git.kernel.org/stable/c/262152ec37101f9dc524743ccdbd6c7641d14573"},{"url":"https://git.kernel.org/stable/c/b64b4f499801b12d0e2785447e4df6c164c608a9"},{"url":"https://git.kernel.org/stable/c/13e550fbfccdb311e76ec96892dfe35f0dba0657"},{"url":"https://git.kernel.org/stable/c/a95d38c5701431bfc826e7b18acc0785919d5c88"},{"url":"https://git.kernel.org/stable/c/1e111c4b3a726df1254670a5cc4868cedb946d37"}],"title":"scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-45997","datePublished":"2026-05-27T12:55:51.154Z","dateReserved":"2026-05-13T15:03:33.091Z","dateUpdated":"2026-06-14T17:47:03.622Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:17:17","lastModifiedDate":"2026-06-16 13:41:25","problem_types":["NVD-CWE-noinfo"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.288","versionEndExcluding":"4.5","matchCriteriaId":"F03F9BA4-CCF9-4A10-B849-63D309580F3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.286","versionEndExcluding":"4.10","matchCriteriaId":"BFC2D553-7977-4EE1-9AD0-07A8D23E2417"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.250","versionEndExcluding":"4.15","matchCriteriaId":"1EB516A4-E6C1-42C9-92A8-8AC97D12C79C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.210","versionEndExcluding":"4.20","matchCriteriaId":"F612FB49-058A-431F-A8F2-5A2A547E534D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.152","versionEndExcluding":"5.5","matchCriteriaId":"67E7A6FF-6541-403A-8CBF-E7367726267A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.72","versionEndExcluding":"5.11","matchCriteriaId":"A4A7A46D-85E6-4ADC-833A-2E5F0B651480"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14.11","versionEndExcluding":"5.15","matchCriteriaId":"3C67C5EC-7ED4-407D-9800-198B7F076D0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.1","versionEndExcluding":"6.1.175","matchCriteriaId":"1CA44076-21AC-4B6F-AC20-FDF981785CB0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*","matchCriteriaId":"40D9C0D1-0F32-4A2B-9840-1072F5497540"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*","matchCriteriaId":"0460DA88-8FE1-46A2-9DDA-1F1ABA552E71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*","matchCriteriaId":"AF55383D-4DF2-45DC-93F7-571F4F978EAB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*","matchCriteriaId":"9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*","matchCriteriaId":"EBD45831-4B79-42BC-ABC0-86870F0DEA89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:*","matchCriteriaId":"948A6B8D-1B72-4945-8680-354E53BE1C80"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"45997","Ordinal":"1","Title":"scsi: sd: fix missing put_disk() when device_add(&disk_dev) fail","CVE":"CVE-2026-45997","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"45997","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: fix missing put_disk() when device_add(&disk_dev) fails\n\nIf device_add(&sdkp->disk_dev) fails, put_device() runs\nscsi_disk_release(), which frees the scsi_disk but leaves the gendisk\nreferenced. The device_add_disk() error path in sd_probe() calls\nput_disk(gd); call put_disk(gd) here to mirror that cleanup.","Type":"Description","Title":"scsi: sd: fix missing put_disk() when device_add(&disk_dev) fail"}]}}}