In the Linux kernel, the following vulnerability has been resolved:
scsi: sd: fix missing putdisk() when deviceadd(&disk_dev) fails
If deviceadd(&sdkp->diskdev) fails, putdevice() runs scsidiskrelease(), which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk() error path in sdprobe() calls putdisk(gd); call put_disk(gd) here to mirror that cleanup.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45997.json",
"cna_assigner": "Linux"
}