{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23296","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.993Z","datePublished":"2026-03-25T10:26:53.509Z","dateUpdated":"2026-05-11T22:04:08.372Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:04:08.372Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/scsi_scan.c"],"versions":[{"version":"f818708eeeae793e12dc39f8984ed7732048a7d9","lessThan":"0e274674714427dc578bb99db5b86e312d2b57f8","status":"affected","versionType":"git"},{"version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","lessThan":"9f5e4abed9248448aa1b45b12ab0bea4d329b56a","status":"affected","versionType":"git"},{"version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","lessThan":"7c01b680beaf4d3143866b062b8e770e8b237fb8","status":"affected","versionType":"git"},{"version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","lessThan":"ec5c17c687b189dbc09dfdec11b669caa40bc395","status":"affected","versionType":"git"},{"version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","lessThan":"944a333c8e4d42256556c1d2ebb6d773a33e0dcd","status":"affected","versionType":"git"},{"version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","lessThan":"a03d96598d39fdf605d90731db3ef3b13fb8bdc8","status":"affected","versionType":"git"},{"version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","lessThan":"1ac22c8eae81366101597d48360718dff9b9d980","status":"affected","versionType":"git"},{"version":"5ce8fad941233e81f2afb5b52a3fcddd3ba8732f","status":"affected","versionType":"git"},{"version":"2e7eb4c1e8af8385de22775bd0be552f59b28c9a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/scsi_scan.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.17","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.7","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.164","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.12.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.18.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.19.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"7.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.223"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e274674714427dc578bb99db5b86e312d2b57f8"},{"url":"https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a"},{"url":"https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8"},{"url":"https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395"},{"url":"https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd"},{"url":"https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8"},{"url":"https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980"}],"title":"scsi: core: Fix refcount leak for tagset_refcnt","x_generator":{"engine":"bippy-1.2.0"}}}}