摘要:
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix error handling of scsi_host_alloc()
After device is initialized via device_initialize(), or its name is set via
dev_set_name(), the device has to be freed via put_device(). Otherwise
device name will be leaked because it is allocated dynamically in
dev_set_name().
Fix the leak by replacing kfree() with put_device(). Since
scsi_host_dev_release() properly handles IDA and kthread removal, remove
special-casing these from the error handling as well.
安全等级: Low
公告ID: KylinSec-SA-2024-2611
发布日期: 2024年6月5日
关联CVE: CVE-2021-47258
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix error handling of scsi_host_alloc()
After device is initialized via device_initialize(), or its name is set via
dev_set_name(), the device has to be freed via put_device(). Otherwise
device name will be leaked because it is allocated dynamically in
dev_set_name().
Fix the leak by replacing kfree() with put_device(). Since
scsi_host_dev_release() properly handles IDA and kthread removal, remove
special-casing these from the error handling as well.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-47258 | KY3.4-5 | kernel | Unaffected |
| CVE-2021-47258 | KY3.5.3 | kernel | Unaffected |
| CVE-2021-47258 | V6 | kernel | Unaffected |
