CVE-2026-23216

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()<br /> <br /> In iscsit_dec_conn_usage_count(), the function calls complete() while<br /> holding the conn-&gt;conn_usage_lock. As soon as complete() is invoked, the<br /> waiter (such as iscsit_close_connection()) may wake up and proceed to free<br /> the iscsit_conn structure.<br /> <br /> If the waiter frees the memory before the current thread reaches<br /> spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function<br /> attempts to release a lock within the already-freed connection structure.<br /> <br /> Fix this by releasing the spinlock before calling complete().