CVE-2026-43192

MEDIUM

dm mpath: Add missing dm_put_device when failing to get scsi dh name

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm_put_device when failing to get scsi dh name When commit fd81bc5cca8f ("scsi: device_handler: Return error pointer in scsi_dh_attached_handler_name()") added code to fail parsing the path if scsi_dh_attached_handler_name() failed with -ENOMEM, it didn't clean up the reference to the path device that had just been taken. Fix this, and steamline the error paths of parse_path() a little.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/4aa5c37b7d8019f7296111c1add00e7214baae60

https://git.kernel.org/stable/c/787bd63ee661b0148ce8e1fde92b7afddd85c446

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (7)

Linux/Linux < 6.19

Linux/Linux 6.19

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 7.0

Linux/Linux fd81bc5cca8fc6936a8988de6b5d4c5693b6587e - 4aa5c37b7d8019f7296111c1add00e7214baae60

Linux/Linux fd81bc5cca8fc6936a8988de6b5d4c5693b6587e - 787bd63ee661b0148ce8e1fde92b7afddd85c446

linux/linux_kernel 6.19 - 6.19.6

Published May 06, 2026

Tracked Since May 06, 2026