CVE-2021-47258

scsi: core: Fix error handling of scsi_host_alloc()

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsi_host_alloc() After device is initialized via device_initialize(), or its name is set via dev_set_name(), the device has to be freed via put_device(). Otherwise device name will be leaked because it is allocated dynamically in dev_set_name(). Fix the leak by replacing kfree() with put_device(). Since scsi_host_dev_release() properly handles IDA and kthread removal, remove special-casing these from the error handling as well.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8958181c1663e24a13434448e7d6b96b5d04900a patch
https://git.kernel.org/stable/c/db08ce595dd64ea9859f7d088b51cbfc8e685c66 patch
https://git.kernel.org/stable/c/2dc85045ae65b9302a1d2e2ddd7ce4c030153a6a patch
https://git.kernel.org/stable/c/79296e292d67fa7b5fb8d8c27343683e823872c8 patch
https://git.kernel.org/stable/c/7a696ce1d5d16a33a6cd6400bbcc0339b2460e11 patch
https://git.kernel.org/stable/c/45d83db4728127944b237c0c8248987df9d478e7 patch
https://git.kernel.org/stable/c/66a834d092930cf41d809c0e989b13cd6f9ca006 patch

Frequently Asked Questions

What is the severity of CVE-2021-47258?
CVE-2021-47258 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47258?
To fix CVE-2021-47258, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47258 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47258 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47258?
CVE-2021-47258 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.