Lucene search

K
redhatcveRedhat.comRH:CVE-2021-47258
HistoryMay 23, 2024 - 2:05 p.m.

CVE-2021-47258

2024-05-2314:05:29
redhat.com
access.redhat.com
3
linux kernel
scsi
error handling
device name
fix
vulnerability

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsi_host_alloc() After device is initialized via device_initialize(), or its name is set via dev_set_name(), the device has to be freed via put_device(). Otherwise device name will be leaked because it is allocated dynamically in dev_set_name(). Fix the leak by replacing kfree() with put_device(). Since scsi_host_dev_release() properly handles IDA and kthread removal, remove special-casing these from the error handling as well.

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%