CVE-2026-45997

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference-count leak occurs in the SCSI subsystem. When the device add(&disk dev) function fails, put device() triggers scsi disk release(), which frees the scsi disk but fails to release the gendisk reference. This results in a missing put disk() call during the cleanup process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.