In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connection usage count logic, the waiter signaled by complete() (e.g., in the session release path) may wake up and free the iscsit_session structure immediately. This creates a race condition where the current thread may attempt to execute spin_unlock_bh() on a session structure that has already been deallocated, resulting in a KASAN slab-use-after-free. To resolve this, release the session_usage_lock before calling complete() to ensure all dereferences of the sess pointer are finished before the waiter is allowed to proceed with deallocation.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026021434-CVE-2026-23193-2c6c@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:6153 https://access.redhat.com/errata/RHSA-2026:6153
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:6572 https://access.redhat.com/errata/RHSA-2026:6572
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:6571 https://access.redhat.com/errata/RHSA-2026:6571
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:6632 https://access.redhat.com/errata/RHSA-2026:6632
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:9095 https://access.redhat.com/errata/RHSA-2026:9095
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:9112 https://access.redhat.com/errata/RHSA-2026:9112
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:9870 https://access.redhat.com/errata/RHSA-2026:9870
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:10108 https://access.redhat.com/errata/RHSA-2026:10108
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:10756 https://access.redhat.com/errata/RHSA-2026:10756
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:13664 https://access.redhat.com/errata/RHSA-2026:13664
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:13681 https://access.redhat.com/errata/RHSA-2026:13681
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:13734 https://access.redhat.com/errata/RHSA-2026:13734
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:13936 https://access.redhat.com/errata/RHSA-2026:13936
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:14137 https://access.redhat.com/errata/RHSA-2026:14137
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:14165 https://access.redhat.com/errata/RHSA-2026:14165
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:14301 https://access.redhat.com/errata/RHSA-2026:14301