CVE-2026-43192

Source
https://cve.org/CVERecord?id=CVE-2026-43192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43192
Downstream
Published
2026-05-06T11:28:01.182Z
Modified
2026-07-08T07:01:42.697324921Z
Summary
dm mpath: Add missing dm_put_device when failing to get scsi dh name
Details

In the Linux kernel, the following vulnerability has been resolved:

dm mpath: Add missing dmputdevice when failing to get scsi dh name

When commit fd81bc5cca8f ("scsi: devicehandler: Return error pointer in scsidhattachedhandlername()") added code to fail parsing the path if scsidhattachedhandlername() failed with -ENOMEM, it didn't clean up the reference to the path device that had just been taken. Fix this, and steamline the error paths of parsepath() a little.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43192.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fd81bc5cca8fc6936a8988de6b5d4c5693b6587e
Fixed
4aa5c37b7d8019f7296111c1add00e7214baae60
Fixed
787bd63ee661b0148ce8e1fde92b7afddd85c446

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43192.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43192.json"