CVE-2026-23193
Severity
7.8HIGH
EPSS
0.0%
top 91.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
In iscsit_dec_session_usage_count(), the function calls complete() while
holding the sess->session_usage_lock. Similar to the connection usage count
logic, the waiter signaled by complete() (e.g., in the session release
path) may wake up and free the iscsit_session structure immediately.
This creates a race condition where the current thread may attem…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5linux/linuxe48354ce078c079996f89d715dfa44814b4eba01 — 2b64015550a13bcc72910be0565548d9a754d46d+7
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-fccp-g2rw-8q2g: In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
In i↗2026-02-14
OSV▶
CVE-2026-23193: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In isc↗2026-02-14
📋Vendor Advisories
2🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2026-23193 kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()↗2026-02-14