Bug 2440630 (CVE-2026-23216)
| Summary: | CVE-2026-23216 kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsit_dec_conn_usage_count() function, complete() is called while still holding the conn->conn_usage_lock spinlock. The waiting thread (such as iscsit_close_connection()) may wake up immediately and free the iscsit_conn structure before the current thread executes spin_unlock_bh(), resulting in a use-after-free when attempting to release the lock on already-freed memory.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-02-18 15:02:39 UTC
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23216-6c63@gregkh/T This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:9870 https://access.redhat.com/errata/RHSA-2026:9870 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:10756 https://access.redhat.com/errata/RHSA-2026:10756 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:23237 https://access.redhat.com/errata/RHSA-2026:23237 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:22964 https://access.redhat.com/errata/RHSA-2026:22964 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:25217 https://access.redhat.com/errata/RHSA-2026:25217 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:25218 https://access.redhat.com/errata/RHSA-2026:25218 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Via RHSA-2026:25533 https://access.redhat.com/errata/RHSA-2026:25533 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:26462 https://access.redhat.com/errata/RHSA-2026:26462 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:26515 https://access.redhat.com/errata/RHSA-2026:26515 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:26535 https://access.redhat.com/errata/RHSA-2026:26535 |