CVE-2026-23296Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: [130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured PID: 2528 TASK: ffff9d0408974e00 CPU: 3 COMMAND: "iscsid" #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4 #1 [ffffb5b9c134ba28] schedule at f

Affected Packages5 packages

Linuxlinux/linux_kernel6.0.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux8fe4ce5836e932f5766317cb651c1ff2a4cd05069f5e4abed9248448aa1b45b12ab0bea4d329b56a+9
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
scsi: core: Fix refcount leak for tagset_refcnt2026-03-25
GHSA
GHSA-xvv5-hhxw-j52w: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when2026-03-25
OSV
CVE-2026-23296: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when t2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: scsi: core: Fix refcount leak for tagset_refcnt2026-03-25
Microsoft
scsi: core: Fix refcount leak for tagset_refcnt2026-03-10
Debian
CVE-2026-23296: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: core:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23296 Impact, Exploitability, and Mitigation Steps | Wiz