Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Kernel: Fix data corruption when using iSCSI connections
CVE-2026-23216
Summary
An issue with the Linux kernel's iSCSI connection handling could cause data corruption. This has been fixed in a recent update, so you should ensure your Linux system is up to date to avoid potential problems. If you're using iSCSI connections, apply the latest kernel patch or update to resolve the issue.
Original title
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In iscsit_dec_conn_usage_count(), the function calls c...
Original description
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In iscsit_dec_conn_usage_count(), the function calls complete() while
holding the conn->conn_usage_lock. As soon as complete() is invoked, the
waiter (such as iscsit_close_connection()) may wake up and proceed to free
the iscsit_conn structure.
If the waiter frees the memory before the current thread reaches
spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function
attempts to release a lock within the already-freed connection structure.
Fix this by releasing the spinlock before calling complete().
scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In iscsit_dec_conn_usage_count(), the function calls complete() while
holding the conn->conn_usage_lock. As soon as complete() is invoked, the
waiter (such as iscsit_close_connection()) may wake up and proceed to free
the iscsit_conn structure.
If the waiter frees the memory before the current thread reaches
spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function
attempts to release a lock within the already-freed connection structure.
Fix this by releasing the spinlock before calling complete().
- https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110
- https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44
- https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3
- https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f
- https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75
- https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903
- https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026