CVE-2026-23216 - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

CVE ID : CVE-2026-23216 Published : Feb. 18, 2026, 3:18 p.m. | 41 minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such as iscsit_close_connection()) may wake up and proceed to free the iscsit_conn structure. If the waiter frees the memory before the current thread reaches spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function attempts to release a lock within the already-freed connection structure. Fix this by releasing the spinlock before calling complete(). Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...