Linux Kernel SCSI Target TCM Loop Name Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI target TCM loop module could lead to a name leak. This issue arises in the 'tcm_loop_setup_hba_bus()' function, where the 'device_register()' failure does not properly free the name assigned by 'dev_set_name()'. The error handling needs to be improved by calling 'put_device()' to release the reference, allowing the name to be cleaned up correctly. The vulnerability could potentially expose internal device names, causing unintended information disclosure.

Impact

Exploitation of this vulnerability could result in a name leak, where internal device names are improperly managed and could be exposed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI Target TCM Loop Name Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating