Use-After-Free Vulnerability in Linux Kernel SCSI Target.
CVE-2026-23216

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 February 2026

What is CVE-2026-23216?

A use-after-free vulnerability has been found in the Linux kernel's SCSI target implementation. Specifically, during the operation of ‘iscsit_dec_conn_usage_count()’, a critical flaw arises when the function calls 'complete()' while still holding the connection usage lock. If the execution flow permits the waiter, such as 'iscsit_close_connection()', to free the associated iscsit_conn structure too early, it can lead to a KASAN slab-use-after-free scenario. The proper resolution involves releasing the spinlock before invoking the complete function, ensuring the integrity of the connection structure and preventing unauthorized memory access. It is crucial for operators and system administrators to stay updated and apply the necessary patches to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux e48354ce078c079996f89d715dfa44814b4eba01

Linux e48354ce078c079996f89d715dfa44814b4eba01 < 8518f072fc92921418cd9ed4268dd4f3e9a8fd75

Linux e48354ce078c079996f89d715dfa44814b4eba01 < 275016a551ba1a068a3bd6171b18611726b67110

References

https://git.kernel.org/stable/c/ba684191437380a07b27666eb...
https://git.kernel.org/stable/c/8518f072fc92921418cd9ed42...
https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.