CVE-2026-23216

EUVD-2026-8019

18.02.2026, 15:18

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In iscsit_dec_conn_usage_count(), the function calls complete() while
holding the conn->conn_usage_lock. As soon as complete() is invoked, the
waiter (such as iscsit_close_connection()) may wake up and proceed to free
the iscsit_conn structure.

If the waiter frees the memory before the current thread reaches
spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function
attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	3.1 ≤ 𝑥 < 5.10.250
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.200
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.163
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.124
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.70
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.10
linux	linux_kernel	6.19:rc1
linux	linux_kernel	6.19:rc2
linux	linux_kernel	6.19:rc3
linux	linux_kernel	6.19:rc4
linux	linux_kernel	6.19:rc5
linux	linux_kernel	6.19:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.164-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.251-1 fixed
forky	6.19.10-1 fixed
sid	6.19.11-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.74-2 fixed

linux-6.1

bullseye (security)

6.1.164-1~deb11u1

fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-02-18T23:00:00+00:00

References

https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110

https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44

https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3

https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f

https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75

https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903

https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201