5.5

CVE-2026-23296

scsi: core: Fix refcount leak for tagset_refcnt

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix refcount leak for tagset_refcnt

This leak will cause a hang when tearing down the SCSI host. For example,
iscsid hangs with the following call trace:

[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured

PID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: "iscsid"
 #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4
 #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f
 #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0
 #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f
 #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b
 #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]
 #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]
 #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]
 #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6
 #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.223 < 5.11
LinuxLinux Kernel Version >= 5.15.164 < 5.15.203
LinuxLinux Kernel Version >= 5.19.12 < 6.0
LinuxLinux Kernel Version >= 6.0.1 < 6.1.167
LinuxLinux Kernel Version >= 6.2 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.77
LinuxLinux Kernel Version >= 6.13 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version6.0 Update-
LinuxLinux Kernel Version6.0 Updaterc5
LinuxLinux Kernel Version6.0 Updaterc6
LinuxLinux Kernel Version6.0 Updaterc7
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a
Patch
https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8
Patch
https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395
Patch
https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd
Patch
https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8
Patch
https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980
Patch
https://git.kernel.org/stable/c/0e274674714427dc578bb99db5b86e312d2b57f8
Patch