CVE-2022-49780

scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need goto error label in this case.

N/A
CVSS
Severity:
EPSS 0.10%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/41a6b8b527a5957fab41c3c05e25ad125268e2e9
https://git.kernel.org/stable/c/28f7ff5e7559d226e63c7c5de74eb075a83d8c53
https://git.kernel.org/stable/c/75205f1b47a88c3fac4f30bd7567e89b2887c7fd
https://git.kernel.org/stable/c/a636772988bafab89278e7bb3420d8e8eacfe912
https://git.kernel.org/stable/c/dce0589a3faec9e2e543e97bca7e62592ec85585
https://git.kernel.org/stable/c/bc68e428d4963af0201e92159629ab96948f0893

Frequently Asked Questions

What is the severity of CVE-2022-49780?
CVE-2022-49780 has not yet been assigned a CVSS score.
How to fix CVE-2022-49780?
To fix CVE-2022-49780, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49780 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49780 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49780?
CVE-2022-49780 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.