CVE-2026-23216

Severity: HIGH · CVSS 3.1 base score 7.8 · EPSS 1.9%
Published Feb 18, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such as iscsit_close_connection()) may wake up and proceed to free the iscsit_conn structure.

If the waiter frees the memory before the current thread reaches spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().
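
The ordering problem described above, as an added example that is not the kernel's code or the patch itself. It is a single-threaded model in which the waiter is assumed to run, and free the connection, the instant complete() is called; model_conn and every field and function name in it are constructed for this illustration.

```c
/* Model only, not kernel code: all names here are constructed for illustration.
 * "Freeing" just sets a flag so that a late access can be counted safely. */
#include <stdbool.h>
#include <stdio.h>

struct model_conn {
    int  usage_count;     /* references still held on the connection */
    bool waiter_pending;  /* close path is waiting for the count to reach 0 */
    bool lock_held;       /* stands in for conn->conn_usage_lock */
    bool freed;           /* set once the waiter has freed the structure */
    int  uaf_hits;        /* accesses made after the free */
};

/* Every access goes through touch() so accesses after the free are counted. */
static void touch(struct model_conn *c)  { if (c->freed) c->uaf_hits++; }
static void lock(struct model_conn *c)   { touch(c); c->lock_held = true; }
static void unlock(struct model_conn *c) { touch(c); c->lock_held = false; }

/* Worst-case schedule: the waiter wakes inside complete() and frees at once. */
static void complete_wakes_waiter(struct model_conn *c) { touch(c); c->freed = true; }

/* Ordering before the fix: complete() is called inside the locked region. */
static int dec_usage_vulnerable(struct model_conn *c)
{
    lock(c);
    if (--c->usage_count == 0 && c->waiter_pending)
        complete_wakes_waiter(c);
    unlock(c);                     /* releases a lock inside freed memory */
    return c->uaf_hits;
}

/* Ordering after the fix: decide under the lock, signal once it is released. */
static int dec_usage_fixed(struct model_conn *c)
{
    lock(c);
    bool wake = (--c->usage_count == 0 && c->waiter_pending);
    unlock(c);                     /* last access to the lock */
    if (wake)
        complete_wakes_waiter(c);
    return c->uaf_hits;
}

int main(void)
{
    struct model_conn a = { .usage_count = 1, .waiter_pending = true }, b = a;
    printf("vulnerable: %d access(es) after free\n", dec_usage_vulnerable(&a));
    printf("fixed:      %d access(es) after free\n", dec_usage_fixed(&b));
    return 0;
}
```

In the real kernel the waiter runs on another CPU or after a context switch, so the late unlock only hits freed memory on some schedules, which is why a tool such as KASAN is what surfaces it.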

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability 1.9% percentile
Exploit & Patch Status No Known Exploit, Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.1 – <5.10.250
linux   linux_kernel  *        ≥5.11 – <5.15.200
linux   linux_kernel  *        ≥5.16 – <6.1.163
linux   linux_kernel  *        ≥6.2 – <6.6.124
linux   linux_kernel  *        ≥6.7 – <6.12.70
linux   linux_kernel  *        ≥6.13 – <6.18.10
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201
    Patch