Vitaly Mayatskikh

#41272 of 53,635
6.5 CVSS total
Vulnerabilities · 1
PT-2017-12394
6.5
2017-10-12
Linux · Linux Kernel · CVE-2017-12190
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 4.13.8

**Description**
The issue is related to unbalanced refcounting in the Linux kernel when handling SCSI I/O vectors with small consecutive buffers belonging to the same page. This occurs because the `bio_add_pc_page` function merges these buffers into one, but the page reference is never dropped, leading to a memory leak. The memory leak can cause a system lockup due to an out-of-memory condition, which can be exploited by a guest OS user against the host OS if a SCSI disk is passed through to a virtual machine.

**Recommendations**
For Linux kernel versions prior to 4.13.8, update to version 4.13.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of SCSI disks in virtual machines to minimize the risk of exploitation.