Home

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() pqi_report_phys_luns() fails to release the rpl_list buffer when encountering an unsupported data format or when the allocation for rpl_16byte_wwid_list fails. These early returns bypass the cleanup logic, leading to memory leaks. Consolidate the error handling by adding an out_free_rpl_list label and use goto statements to ensure rpl_list is consistently freed on failure. Compile tested only. Issue found using a prototype static analysis tool and code review.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-27 | Assigner Linux

Product status

Default status
unaffected

28ca6d876c5a375094847606046e0bf5d044d9b4 (git) before f471ecfec093e39ef8fd08978413793087daa14d
affected

28ca6d876c5a375094847606046e0bf5d044d9b4 (git) before fdf1188cfa80f88c9f18d58cb33d57ff40e70e26
affected

28ca6d876c5a375094847606046e0bf5d044d9b4 (git) before d52e13122d3771f753dd73ae6512fa01f58015cb
affected

28ca6d876c5a375094847606046e0bf5d044d9b4 (git) before e5579ebaadc7b699868dad0f591a7bf83cd647e1
affected

28ca6d876c5a375094847606046e0bf5d044d9b4 (git) before 454570434114e4862767f506a442a0f110b639b2
affected

28ca6d876c5a375094847606046e0bf5d044d9b4 (git) before 41b37312bd9722af77ec7817ccf22d7a4880c289
affected

Default status
affected

5.16
affected

Any version before 5.16
unaffected

6.1.165 (semver)
unaffected

6.6.128 (semver)
unaffected

6.12.75 (semver)
unaffected

6.18.14 (semver)
unaffected

6.19.4 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/f471ecfec093e39ef8fd08978413793087daa14d

git.kernel.org/...c/fdf1188cfa80f88c9f18d58cb33d57ff40e70e26

git.kernel.org/...c/d52e13122d3771f753dd73ae6512fa01f58015cb

git.kernel.org/...c/e5579ebaadc7b699868dad0f591a7bf83cd647e1

git.kernel.org/...c/454570434114e4862767f506a442a0f110b639b2

git.kernel.org/...c/41b37312bd9722af77ec7817ccf22d7a4880c289

cve.org (CVE-2026-45872)

nvd.nist.gov (CVE-2026-45872)

Download JSON