CVE-2026-23193

EUVD-2026-6108

14.02.2026, 17:15

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In iscsit_dec_session_usage_count(), the function calls complete() while
holding the sess->session_usage_lock. Similar to the connection usage count
logic, the waiter signaled by complete() (e.g., in the session release
path) may wake up and free the iscsit_session structure immediately.

This creates a race condition where the current thread may attempt to
execute spin_unlock_bh() on a session structure that has already been
deallocated, resulting in a KASAN slab-use-after-free.

To resolve this, release the session_usage_lock before calling complete()
to ensure all dereferences of the sess pointer are finished before the
waiter is allowed to proceed with deallocation.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	3.1 ≤ 𝑥 < 5.10.250
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.200
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.163
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.124
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.70
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.10
linux	linux_kernel	6.19:rc1
linux	linux_kernel	6.19:rc2
linux	linux_kernel	6.19:rc3
linux	linux_kernel	6.19:rc4
linux	linux_kernel	6.19:rc5
linux	linux_kernel	6.19:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.164-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.251-1 fixed
forky	6.19.10-1 fixed
sid	6.19.11-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.74-2 fixed

linux-6.1

bullseye (security)

6.1.164-1~deb11u1

fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-02-15T23:00:00+00:00

References

https://git.kernel.org/stable/c/11ebafffce31efc6abeb28c509017976fc49f1ca

https://git.kernel.org/stable/c/2b64015550a13bcc72910be0565548d9a754d46d

https://git.kernel.org/stable/c/41b86a9ec037bd3435d68dd3692f0891a207e7e7

https://git.kernel.org/stable/c/4530f4e4d0e6a207110b0ffed0c911bca43531a4

https://git.kernel.org/stable/c/84dc6037390b8607c5551047d3970336cb51ba9a

https://git.kernel.org/stable/c/d8dbdc146e9e9a976931b78715be2e91299049f9

https://git.kernel.org/stable/c/fd8b0900173307039d3a84644c2fee041a7ed4fb