Linux Kernel iSCSI Target Use-After-Free in iscsit_dec_conn_usage_count()
CVE-2026-23216 Published on February 18, 2026
scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In the Linux kernel, the following vulnerability has been resolved:
In iscsit_dec_conn_usage_count(), the function calls complete() while
holding the conn->conn_usage_lock. As soon as complete() is invoked, the
waiter (such as iscsit_close_connection()) may wake up and proceed to free
the iscsit_conn structure.
If the waiter frees the memory before the current thread reaches
spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function
attempts to release a lock within the already-freed connection structure.
Fix this by releasing the spinlock before calling complete().
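The ordering problem described above, as an added user-space model (not the kernel source and not the upstream patch). It plays out the worst-case interleaving in a single thread: the waiter releases the connection the moment complete() is called. All names are hypothetical stand-ins, and taking the wake decision under the lock is one assumed way to implement "unlock before complete()".

```c
/* Single-threaded model of the worst case: complete() wakes the waiter, which
 * releases the connection at once. Names are hypothetical, not kernel code. */
#include <stdio.h>

/* freed is a poison flag used instead of a real free(), so no real UAF occurs */
struct model_conn { int lock_held, usage_count, waiting_on_uc, freed; };
static int uaf_hits;   /* accesses to a connection already marked freed */

static void model_lock(struct model_conn *c) { c->lock_held = 1; }
static void model_unlock(struct model_conn *c)
{
    if (c->freed) { uaf_hits++; return; }  /* the access KASAN reports */
    c->lock_held = 0;
}
/* The waiter runs to completion at once and releases the connection. */
static void model_complete(struct model_conn *c) { c->freed = 1; }

/* Ordering the advisory describes as vulnerable: wake first, unlock after. */
static void dec_complete_under_lock(struct model_conn *c)
{
    model_lock(c);
    c->usage_count--;
    if (!c->usage_count && c->waiting_on_uc)
        model_complete(c);
    model_unlock(c);
}

/* Fixed ordering: take the decision under the lock, unlock, then wake. */
static void dec_unlock_first(struct model_conn *c)
{
    model_lock(c);
    int wake = (--c->usage_count == 0) && c->waiting_on_uc;
    model_unlock(c);
    if (wake)
        model_complete(c);
}

/* Returns how many times a freed connection was touched by dec(). */
int run_model(void (*dec)(struct model_conn *))
{
    struct model_conn c = { 0, 1, 1, 0 };  /* one user left, closer waiting */
    uaf_hits = 0;
    dec(&c);
    return uaf_hits;
}

int main(void)
{
    printf("%d %d\n", run_model(dec_complete_under_lock), run_model(dec_unlock_first));
    return 0;
}
```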
Products Associated with CVE-2026-23216
Linux Kernel
Affected Versions
Linux:
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, ba684191437380a07b27666eb4e72748be1ea201 are affected.
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, 8518f072fc92921418cd9ed4268dd4f3e9a8fd75 are affected.
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, 275016a551ba1a068a3bd6171b18611726b67110 are affected.
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, 73b487d44bf4f92942629d578381f89c326ff77f are affected.
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, 48fe983e92de2c59d143fe38362ad17ba23ec7f3 are affected.
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, 3835e49e146a4e6e7787b29465f1a23379b6ec44 are affected.
- Commits from e48354ce078c079996f89d715dfa44814b4eba01 up to, but not including, 9411a89e9e7135cc459178fa77a3f1d6191ae903 are affected.
- Version 3.1 is affected.
- Versions before 3.1 are unaffected.
- Versions from 5.10.250 through 5.10.* are unaffected.
- Versions from 5.15.200 through 5.15.* are unaffected.
- Versions from 6.1.163 through 6.1.* are unaffected.
- Versions from 6.6.124 through 6.6.* are unaffected.
- Versions from 6.12.70 through 6.12.* are unaffected.
- Versions from 6.18.10 through 6.18.* are unaffected.
- Versions from 6.19 onward are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.