{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23292","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.992Z","datePublished":"2026-03-25T10:26:50.408Z","dateUpdated":"2026-05-11T22:04:03.492Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:04:03.492Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, &p->frag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store().  This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n  down_read\n  __configfs_open_file\n  do_dentry_open\n  vfs_open\n  do_open\n  path_openat\n  do_filp_open\n  file_open_name\n  filp_open\n  target_core_item_dbroot_store\n  flush_write_buffer\n  configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_configfs.c"],"versions":[{"version":"b0841eefd9693827afb9888235e26ddd098f9cef","lessThan":"3161ef61f121d4573cad5b57c92188dcd9b284b3","status":"affected","versionType":"git"},{"version":"b0841eefd9693827afb9888235e26ddd098f9cef","lessThan":"e8ef82cb6443d5f3260b1b830e17f03dda4229ea","status":"affected","versionType":"git"},{"version":"b0841eefd9693827afb9888235e26ddd098f9cef","lessThan":"4fcfa424a581d823cb1a9676e3eefe6ca17e453a","status":"affected","versionType":"git"},{"version":"b0841eefd9693827afb9888235e26ddd098f9cef","lessThan":"9a5641024fbfd9b24fe65984ad85fea10a3ae438","status":"affected","versionType":"git"},{"version":"b0841eefd9693827afb9888235e26ddd098f9cef","lessThan":"142eacb50fb903a4c10dee7e67b6e79ebb36a582","status":"affected","versionType":"git"},{"version":"b0841eefd9693827afb9888235e26ddd098f9cef","lessThan":"14d4ac19d1895397532eec407433c5d74d9da53b","status":"affected","versionType":"git"},{"version":"49824b5c875087a52672b0c8e8ecbefe6f773532","status":"affected","versionType":"git"},{"version":"09e21253d17f53bdb5aac0e0dbd057a29fcbe8d1","status":"affected","versionType":"git"},{"version":"0dfc45be875a378c2a3a4d6ed8e668ec8eb75073","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_configfs.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.17","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.7","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.18.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.19.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"7.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.201"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.154"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.84"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3161ef61f121d4573cad5b57c92188dcd9b284b3"},{"url":"https://git.kernel.org/stable/c/e8ef82cb6443d5f3260b1b830e17f03dda4229ea"},{"url":"https://git.kernel.org/stable/c/4fcfa424a581d823cb1a9676e3eefe6ca17e453a"},{"url":"https://git.kernel.org/stable/c/9a5641024fbfd9b24fe65984ad85fea10a3ae438"},{"url":"https://git.kernel.org/stable/c/142eacb50fb903a4c10dee7e67b6e79ebb36a582"},{"url":"https://git.kernel.org/stable/c/14d4ac19d1895397532eec407433c5d74d9da53b"}],"title":"scsi: target: Fix recursive locking in __configfs_open_file()","x_generator":{"engine":"bippy-1.2.0"}}}}