scsi: snic: Fix possible memory leak if device_add() fails
CVE-2023-53436

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2025

What is CVE-2023-53436?

In the Linux kernel, the following vulnerability has been resolved:

scsi: snic: Fix possible memory leak if device_add() fails

If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp().

Affected Version(s)

Linux c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa < 789275f7c0544374d40bc8d9c81f96751a41df45

Linux c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Linux c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

References

https://git.kernel.org/stable/c/789275f7c0544374d40bc8d9c...
https://git.kernel.org/stable/c/f830968d464f55e11bc9260a1...
https://git.kernel.org/stable/c/cea09922f5f75652d55b481ee...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-53436 : Memory Leak in Linux Kernel SCSI Module