CVE-2026-23216

18.02.2026, 15:18

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In iscsit_dec_conn_usage_count(), the function calls complete() while
holding the conn->conn_usage_lock. As soon as complete() is invoked, the
waiter (such as iscsit_close_connection()) may wake up and proceed to free
the iscsit_conn structure.

If the waiter frees the memory before the current thread reaches
spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function
attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	vulnerable
sid	6.18.12-1 fixed
trixie	vulnerable
trixie (security)	6.12.73-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-02-18T23:00:00+00:00

References

https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110

https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44

https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3

https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f

https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75

https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903

https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201