CVE-2026-23296
Analyzed Analyzed - Analysis Complete
Reference Count Leak in Linux SCSI Core Causes Host Hang

Publication date: 2026-03-25

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: [130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured PID: 2528 TASK: ffff9d0408974e00 CPU: 3 COMMAND: "iscsid" #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4 #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0 #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp] #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi] #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi] #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6 #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23296
EUVD
EUVD-2026-15230
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.0
linux linux_kernel 6.0
linux linux_kernel 6.0
linux linux_kernel 6.0
linux linux_kernel From 5.10.223 (inc) to 5.11 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 6.0.1 (inc) to 6.1.167 (exc)
linux linux_kernel From 5.15.164 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.19.12 (inc) to 6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a reference count leak in the Linux kernel's SCSI core, specifically related to the tagset_refcnt. The leak causes a hang when tearing down the SCSI host, which can lead to processes like iscsid becoming unresponsive.

The issue manifests as an allocation failure during SCSI scanning, preventing some SCSI devices from being configured properly.

Impact Analysis

This vulnerability can cause system hangs during the teardown of SCSI hosts, which may result in processes such as iscsid hanging and failing to manage SCSI devices correctly.

As a result, some SCSI devices might not be configured or accessible, potentially impacting system stability and availability of storage devices.

Detection Guidance

This vulnerability causes a reference count leak in the SCSI core, which leads to a hang when tearing down the SCSI host. One observable symptom is that the iscsid process hangs, and the kernel logs show messages like "scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured."

To detect this issue on your system, you can monitor the kernel logs for such error messages and check if the iscsid process is hanging.

  • Use the command: dmesg | grep 'scsi_alloc_sdev' to look for allocation failure messages.
  • Check if the iscsid process is unresponsive or stuck using: ps aux | grep iscsid
  • Examine the kernel call trace in logs around the time of the hang for references to scsi_remove_host or iscsi_tcp modules.
Mitigation Strategies

The vulnerability has been resolved by fixing the reference count leak in the SCSI core. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

Until the kernel is updated, you may experience hangs during SCSI host teardown, especially affecting iscsid. As a temporary measure, avoid restarting or tearing down SCSI hosts or iSCSI sessions unnecessarily.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23296. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart