CVE-2026-23292Multiple Locks of a Critical Resource in Linux

CWE-764Multiple Locks of a Critical Resource8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This function called filp_open(), following which these functions were called (in reverse order), according to the call trace: down_read __configfs_open_file do_dentry_open vfs_open do_open path_openat do_filp_open file_open

Affected Packages5 packages

Linuxlinux/linux_kernel5.3.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxb0841eefd9693827afb9888235e26ddd098f9cef3161ef61f121d4573cad5b57c92188dcd9b284b3+9
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
scsi: target: Fix recursive locking in __configfs_open_file()2026-03-25
OSV
CVE-2026-23292: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffe2026-03-25
GHSA
GHSA-55fh-fmpq-w8h6: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buf2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: scsi: target: Fix recursive locking in __configfs_open_file()2026-03-25
Microsoft
scsi: target: Fix recursive locking in __configfs_open_file()2026-03-10
Debian
CVE-2026-23292: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: targe...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23292 Impact, Exploitability, and Mitigation Steps | Wiz