CVE-2026-23216
Linux Kernel - Use After Free
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such as iscsit_close_connection()) may wake up and proceed to free the iscsit_conn structure. If the waiter frees the memory before the current thread reaches spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function attempts to release a lock within the already-freed connection structure. Fix this by releasing the spinlock before calling complete().
References (7)
Scores
EPSS
0.0003
EPSS Percentile
8.9%
Classification
Status
draft
Affected Products (6)
linux/Kernel
< 5.10.250linux
linux/Kernel
< 5.15.200linux
linux/Kernel
< 6.1.163linux
linux/Kernel
< 6.6.124linux
linux/Kernel
< 6.12.70linux
linux/Kernel
< 6.18.10linux
Timeline
Published
Feb 18, 2026
Tracked Since
Feb 18, 2026