CVE-2026-23193

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()<br /> <br /> In iscsit_dec_session_usage_count(), the function calls complete() while<br /> holding the sess-&gt;session_usage_lock. Similar to the connection usage count<br /> logic, the waiter signaled by complete() (e.g., in the session release<br /> path) may wake up and free the iscsit_session structure immediately.<br /> <br /> This creates a race condition where the current thread may attempt to<br /> execute spin_unlock_bh() on a session structure that has already been<br /> deallocated, resulting in a KASAN slab-use-after-free.<br /> <br /> To resolve this, release the session_usage_lock before calling complete()<br /> to ensure all dereferences of the sess pointer are finished before the<br /> waiter is allowed to proceed with deallocation.