{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23296", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.993Z", "datePublished": "2026-03-25T10:26:53.509Z", "dateUpdated": "2026-03-25T10:26:53.509Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:53.509Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528 TASK: ffff9d0408974e00 CPU: 3 COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/scsi_scan.c"], "versions": [{"version": "8fe4ce5836e932f5766317cb651c1ff2a4cd0506", "lessThan": "9f5e4abed9248448aa1b45b12ab0bea4d329b56a", "status": "affected", "versionType": "git"}, {"version": "8fe4ce5836e932f5766317cb651c1ff2a4cd0506", "lessThan": "7c01b680beaf4d3143866b062b8e770e8b237fb8", "status": "affected", "versionType": "git"}, {"version": "8fe4ce5836e932f5766317cb651c1ff2a4cd0506", "lessThan": "ec5c17c687b189dbc09dfdec11b669caa40bc395", "status": "affected", "versionType": "git"}, {"version": "8fe4ce5836e932f5766317cb651c1ff2a4cd0506", "lessThan": "944a333c8e4d42256556c1d2ebb6d773a33e0dcd", "status": "affected", "versionType": "git"}, {"version": "8fe4ce5836e932f5766317cb651c1ff2a4cd0506", "lessThan": "a03d96598d39fdf605d90731db3ef3b13fb8bdc8", "status": "affected", "versionType": "git"}, {"version": "8fe4ce5836e932f5766317cb651c1ff2a4cd0506", "lessThan": "1ac22c8eae81366101597d48360718dff9b9d980", "status": "affected", "versionType": "git"}, {"version": "5ce8fad941233e81f2afb5b52a3fcddd3ba8732f", "status": "affected", "versionType": "git"}, {"version": "f818708eeeae793e12dc39f8984ed7732048a7d9", "status": "affected", "versionType": "git"}, {"version": "2e7eb4c1e8af8385de22775bd0be552f59b28c9a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/scsi_scan.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "7.0-rc3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.223"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.164"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a"}, {"url": "https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8"}, {"url": "https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395"}, {"url": "https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd"}, {"url": "https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8"}, {"url": "https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980"}], "title": "scsi: core: Fix refcount leak for tagset_refcnt", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528 TASK: ffff9d0408974e00 CPU: 3 COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef"}], "id": "CVE-2026-23296", "lastModified": "2026-03-25T11:16:24.980", "metrics": {}, "published": "2026-03-25T11:16:24.980", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}