Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced object 0xffff88801f920120 (size 96): comm "sh", pid 102, jiffies 4294892535 (age 713.412s) hex dump (first 32 bytes): 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8....... backtrace: [<00000000e58a6252>] kmalloc_trace+0x11/0x20 [<0000000043af4b2f>] target_alloc_cmd_counter+0x17/0x90 [target_core_mod] [<000000007da2dfa7>] target_setup_session+0x2d/0x140 [target_core_mod] [<0000000068feef86>] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop] [<000000006a80e021>] configfs_write_iter+0xb1/0x120 [<00000000e9f4d860>] vfs_write+0x2e4/0x3c0 [<000000008143433b>] ksys_write+0x80/0xb0 [<00000000a7df29b2>] do_syscall_64+0x42/0x90 [<0000000053f45fb8>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Free the structure alongside the corresponding iscsit_conn / se_sess parent.
Product status
76b77646f17118f5babe93c032e6b7a53bbde3b9 (git) before 1cd41d1669bcbc5052afa897f85608a62ff3fb30
becd9be6069e7b183c084f460f0eb363e43cc487 (git) before f84639c5ac5f4f95b3992da1af4ff382ebf2e819
becd9be6069e7b183c084f460f0eb363e43cc487 (git) before d14e3e553e05cb763964c991fe6acb0a6a1c6f9c
bc5ebf93ae23a928303b3643c6f4c4da2f769e7c (git)
1eaaf1b828cdaa58abccc68962d24005fd5e8852 (git)
6.4
Any version before 6.4
6.1.55 (semver)
6.5.5 (semver)
6.6 (original_commit_for_fix)
References
git.kernel.org/...c/1cd41d1669bcbc5052afa897f85608a62ff3fb30
git.kernel.org/...c/f84639c5ac5f4f95b3992da1af4ff382ebf2e819
git.kernel.org/...c/d14e3e553e05cb763964c991fe6acb0a6a1c6f9c
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
