CVE-2026-45872 - Vulnerability Details

- scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

pqi_report_phys_luns() fails to release the rpl_list buffer when
encountering an unsupported data format or when the allocation for
rpl_16byte_wwid_list fails. These early returns bypass the cleanup logic,
leading to memory leaks.

Consolidate the error handling by adding an out_free_rpl_list label and use
goto statements to ensure rpl_list is consistently freed on failure.

Compile tested only. Issue found using a prototype static analysis tool and
code review.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises in the smartpqi driver for SCSI devices in the Linux kernel. A failure to release the rpl_list buffer during the pqi_report_phys_luns() routine, when encountering unsupported data formats or when allocation for rpl_16byte_wwid_list fails, leads to a memory leak. The lack of cleanup on early return paths means allocated memory is not reclaimed until deallocation or a system reboot, potentially exhausting kernel memory over time and degrading system stability.

Affected Systems

Linux kernel implementations that include the smartpqi SCSI driver, such as the generic Linux distributions using the upstream kernel.

Risk and Exploitability

The failure is triggered by SCSI operations that invoke the problematic routine and does not provide remote code execution or privilege escalation. It can only be exploited locally by an attacker with the ability to repeatedly call the routine to accumulate memory pressure, thereby compromising system availability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Given the lack of a CVSS score, the risk is considered moderate for availability in environments with long‑running SCSI workloads.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`28ca6d876c5a375094847606046e0bf5d044d9b4`	affected	< f471ecfec093e39ef8fd08978413793087daa14d
`28ca6d876c5a375094847606046e0bf5d044d9b4`	affected	< fdf1188cfa80f88c9f18d58cb33d57ff40e70e26
`28ca6d876c5a375094847606046e0bf5d044d9b4`	affected	< d52e13122d3771f753dd73ae6512fa01f58015cb
`28ca6d876c5a375094847606046e0bf5d044d9b4`	affected	< e5579ebaadc7b699868dad0f591a7bf83cd647e1
`28ca6d876c5a375094847606046e0bf5d044d9b4`	affected	< 454570434114e4862767f506a442a0f110b639b2
`28ca6d876c5a375094847606046e0bf5d044d9b4`	affected	< 41b37312bd9722af77ec7817ccf22d7a4880c289

Linux

affected

Version	Status	Constraints
`5.16`	affected	—
`0`	unaffected	< 5.16
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[28ca6d876c5a375094847606046e0bf5d044d9b4,f471ecfec093e39ef8fd08978413793087daa14d)`	affected	code_commit	—
`[28ca6d876c5a375094847606046e0bf5d044d9b4,fdf1188cfa80f88c9f18d58cb33d57ff40e70e26)`	affected	code_commit	—
`[28ca6d876c5a375094847606046e0bf5d044d9b4,d52e13122d3771f753dd73ae6512fa01f58015cb)`	affected	code_commit	—
`[28ca6d876c5a375094847606046e0bf5d044d9b4,e5579ebaadc7b699868dad0f591a7bf83cd647e1)`	affected	code_commit	—
`[28ca6d876c5a375094847606046e0bf5d044d9b4,454570434114e4862767f506a442a0f110b639b2)`	affected	code_commit	—
`[28ca6d876c5a375094847606046e0bf5d044d9b4,41b37312bd9722af77ec7817ccf22d7a4880c289)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.16`	affected	semver	—
`[0,5.16)`	unaffected	generic	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the kernel patch that introduces out_free_rpl_list and ensures rpl_list is freed on failures as referenced in the commit logs.
Reboot the system to load the patched kernel.
Monitor kernel memory usage patterns for SCSI operations and verify the absence of repeated allocation failures.

Generated by OpenCVE AI on May 27, 2026 at 17:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/41b37312bd9722af77ec7817ccf22d7a4880c289
https://git.kernel.org/stable/c/454570434114e4862767f506a442a0f110b639b2
https://git.kernel.org/stable/c/d52e13122d3771f753dd73ae6512fa01f58015cb
https://git.kernel.org/stable/c/e5579ebaadc7b699868dad0f591a7bf83cd647e1
https://git.kernel.org/stable/c/f471ecfec093e39ef8fd08978413793087daa14d
https://git.kernel.org/stable/c/fdf1188cfa80f88c9f18d58cb33d57ff40e70e26

History

Wed, 27 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() pqi_report_phys_luns() fails to release the rpl_list buffer when encountering an unsupported data format or when the allocation for rpl_16byte_wwid_list fails. These early returns bypass the cleanup logic, leading to memory leaks. Consolidate the error handling by adding an out_free_rpl_list label and use goto statements to ensure rpl_list is consistently freed on failure. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title		scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/41b37312bd9722af77ec7817ccf22d7a4880c289 https://git.kernel.org/stable/c/454570434114e4862767f506a442a0f110b639b2 https://git.kernel.org/stable/c/d52e13122d3771f753dd73ae6512fa01f58015cb https://git.kernel.org/stable/c/e5579ebaadc7b699868dad0f591a7bf83cd647e1 https://git.kernel.org/stable/c/f471ecfec093e39ef8fd08978413793087daa14d https://git.kernel.org/stable/c/fdf1188cfa80f88c9f18d58cb33d57ff40e70e26

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:52.133Z

Updated: 2026-05-27T12:15:52.133Z

Reserved: 2026-05-13T15:03:33.081Z

Link: CVE-2026-45872

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:00.670

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45872

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T17:45:33Z

Weaknesses

CWE-401

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object