-

CVE-2026-23296

EPSS 0.04%
Veröffentlicht 25.03.2026 10:26:53
Zuletzt bearbeitet 18.04.2026 09:16:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

scsi: core: Fix refcount leak for tagset_refcnt

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix refcount leak for tagset_refcnt

This leak will cause a hang when tearing down the SCSI host. For example,
iscsid hangs with the following call trace:

[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured

PID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: "iscsid"
 #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4
 #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f
 #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0
 #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f
 #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b
 #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]
 #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]
 #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]
 #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6
 #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version f818708eeeae793e12dc39f8984ed7732048a7d9

Version < 0e274674714427dc578bb99db5b86e312d2b57f8

Status affected

Version 8fe4ce5836e932f5766317cb651c1ff2a4cd0506

Version < 9f5e4abed9248448aa1b45b12ab0bea4d329b56a

Status affected

Version 8fe4ce5836e932f5766317cb651c1ff2a4cd0506

Version < 7c01b680beaf4d3143866b062b8e770e8b237fb8

Status affected

Version 8fe4ce5836e932f5766317cb651c1ff2a4cd0506

Version < ec5c17c687b189dbc09dfdec11b669caa40bc395

Status affected

Version 8fe4ce5836e932f5766317cb651c1ff2a4cd0506

Version < 944a333c8e4d42256556c1d2ebb6d773a33e0dcd

Status affected

Version 8fe4ce5836e932f5766317cb651c1ff2a4cd0506

Version < a03d96598d39fdf605d90731db3ef3b13fb8bdc8

Status affected

Version 8fe4ce5836e932f5766317cb651c1ff2a4cd0506

Version < 1ac22c8eae81366101597d48360718dff9b9d980

Status affected

Version 5ce8fad941233e81f2afb5b52a3fcddd3ba8732f

Status affected

Version 2e7eb4c1e8af8385de22775bd0be552f59b28c9a

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version 0

Version < 6.0

Status unaffected

Version <= 5.15.*

Version 5.15.203

Status unaffected

Version <= 6.1.*

Version 6.1.167

Status unaffected

Version <= 6.6.*

Version 6.6.130

Status unaffected

Version <= 6.12.*

Version 6.12.77

Status unaffected

Version <= 6.18.*

Version 6.18.17

Status unaffected

Version <= 6.19.*

Version 6.19.7

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a

https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8

https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395

https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd

https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8

https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980

https://git.kernel.org/stable/c/0e274674714427dc578bb99db5b86e312d2b57f8

https://nvd.nist.gov/vuln/detail/CVE-2026-23296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23296

EUVD