CVE-2026-23216
Severity: HIGH · CVSS 3.1: 7.8 · EPSS: 1.9%
Published: Feb 18, 2026
Last Modified: Jun 17, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such as iscsit_close_connection()) may wake up and proceed to free the iscsit_conn structure.

If the waiter frees the memory before the current thread reaches spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().
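The ordering problem described above, as an added single-threaded C model (an illustration written for this page, not kernel code and not taken from the patch). `struct model_conn`, `touch()`, `model_complete()` and `run_model()` are hypothetical names; the model assumes the worst-case schedule, in which the woken waiter frees the object before complete() returns, and it only counts stale accesses instead of performing them.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for struct iscsit_conn; field names are the model's own. */
struct model_conn {
    bool alive;              /* false once the waiter has "freed" the object */
    bool lock_held;          /* models conn->conn_usage_lock */
    bool waiter_pending;     /* a closer is blocked until the count reaches 0 */
    int usage_count;
    int stale;               /* accesses made after the free (what KASAN reports) */
};

/* All accesses go through touch() so that stale ones are counted. */
static struct model_conn *touch(struct model_conn *c)
{
    if (!c->alive)
        c->stale++;
    return c;
}

/* Worst-case schedule: the woken waiter frees the object before complete() returns. */
static void model_complete(struct model_conn *c)
{
    touch(c)->waiter_pending = false;
    c->alive = false;
}

/* Drops the last reference; returns the number of stale accesses. */
int run_model(bool unlock_first)
{
    struct model_conn conn = { .alive = true, .waiter_pending = true, .usage_count = 1 };
    struct model_conn *c = &conn;
    bool wake;
    touch(c)->lock_held = true;              /* spin_lock_bh() */
    wake = (--c->usage_count == 0) && c->waiter_pending;
    if (unlock_first)
        touch(c)->lock_held = false;         /* fixed order: unlock before complete() */
    if (wake)
        model_complete(c);
    if (!unlock_first)
        touch(c)->lock_held = false;         /* original order: unlock inside freed object */
    return c->stale;
}

int main(void)
{
    printf("complete() under lock:   %d stale access\n", run_model(false));
    printf("unlock, then complete(): %d stale access\n", run_model(true));
    return 0;
}
```

The wake-up decision is still taken while the lock is held; only the call that can release the waiter moves past the unlock.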
CVSS Details
- Base Score: 7.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥3.1 – <5.10.250 |
| linux | linux_kernel | * | ≥5.11 – <5.15.200 |
| linux | linux_kernel | * | ≥5.16 – <6.1.163 |
| linux | linux_kernel | * | ≥6.2 – <6.6.124 |
| linux | linux_kernel | * | ≥6.7 – <6.12.70 |
| linux | linux_kernel | * | ≥6.13 – <6.18.10 |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
References 7
- git.kernel.org https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110
- git.kernel.org https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44
- git.kernel.org https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3
- git.kernel.org https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f
- git.kernel.org https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75
- git.kernel.org https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903
- git.kernel.org https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201
Remediation
The fix is in the stable-tree commits listed under References above.