Linux Kernel SCSI Core Memory Leak Vulnerability Fix

Vulnerability

A memory leak vulnerability in the SCSI core of the Linux kernel has been addressed. The issue arose when the device_add() function failed, as the allocated name was not properly freed. The vulnerability is present in the SCSI subsystem, specifically within the raid_class component. The root cause was a missing reference count decrement in the error handling path, which has now been corrected by explicitly freeing the device name and managing the reference count appropriately.
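The error-path pattern described above, as an added example: a user-space C model, not the kernel patch and not code from the original page. Every name in it (model_dev, model_dev_add, add_component and the rest) is hypothetical and only stands in for a reference-counted device whose name is a separate allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model only: all names are hypothetical, none are kernel APIs. */
static int live_allocs;                       /* allocations not yet freed */
static void *m_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void m_free(void *p) { if (p) { live_allocs--; free(p); } }

struct model_dev { int refcount; char *name; };  /* name is a separate allocation */

static struct model_dev *model_dev_create(const char *name)
{
    struct model_dev *d = m_alloc(sizeof(*d));
    if (!d) return NULL;
    d->refcount = 1;
    d->name = m_alloc(strlen(name) + 1);
    if (!d->name) { m_free(d); return NULL; }
    strcpy(d->name, name);
    return d;
}

/* Dropping the last reference frees the name, then the object. */
static void model_dev_put(struct model_dev *d)
{
    if (--d->refcount == 0) { m_free(d->name); m_free(d); }
}

/* Stand-in for a registration step that can fail. */
static int model_dev_add(struct model_dev *d, int fail) { (void)d; return fail ? -1 : 0; }

/* use_put = 0: error path frees only the object (leaks the name).
 * use_put = 1: error path drops the reference (name is freed too). */
static int add_component(int fail, int use_put)
{
    struct model_dev *d = model_dev_create("component-0");
    if (!d) return -1;
    if (model_dev_add(d, fail)) {
        if (use_put) model_dev_put(d); else m_free(d);
        return -1;
    }
    model_dev_put(d);   /* model only: tear down at once so success is balanced */
    return 0;
}

/* Returns how many allocations remain outstanding after one call. */
int leaked_after(int fail, int use_put) { live_allocs = 0; add_component(fail, use_put); return live_allocs; }

int main(void) { printf("leaky=%d fixed=%d\n", leaked_after(1, 0), leaked_after(1, 1)); return 0; }
```

Running the model under a leak checker such as Valgrind or AddressSanitizer reports the orphaned name allocation for the use_put = 0 path only.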

Impact

The vulnerability could lead to a memory leak, where allocated memory is not released, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by adding a SCSI RAID component that triggers an error in the device_add() function. This will cause the allocated name to remain unfreed, leading to a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archive.

Added: Sep 15, 2025, 3:09 PM
Updated: Sep 15, 2025, 9:05 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.