CVE-2026-23216

EUVD-2026-8019
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In iscsit_dec_conn_usage_count(), the function calls complete() while
holding the conn->conn_usage_lock. As soon as complete() is invoked, the
waiter (such as iscsit_close_connection()) may wake up and proceed to free
the iscsit_conn structure.

If the waiter frees the memory before the current thread reaches
spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function
attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
3.1 ≤
𝑥
< 5.10.250
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.200
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.163
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.124
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.70
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.10
linuxlinux_kernel
6.19:rc1
linuxlinux_kernel
6.19:rc2
linuxlinux_kernel
6.19:rc3
linuxlinux_kernel
6.19:rc4
linuxlinux_kernel
6.19:rc5
linuxlinux_kernel
6.19:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
linux-6.1
bullseye (security)
6.1.172-1~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1.150700.17.25.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1.150700.17.25.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1.150700.17.25.1
fixed
kernel-docs
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-macros
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-syms
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.37.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.37.1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110
https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44
https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3
https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f
https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75
https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903
https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201