{"id":"CVE-2026-23296","summary":"scsi: core: Fix refcount leak for tagset_refcnt","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef","modified":"2026-04-02T13:12:21.695130Z","published":"2026-03-25T10:26:53.509Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23296.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23296.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23296"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506"},{"fixed":"9f5e4abed9248448aa1b45b12ab0bea4d329b56a"},{"fixed":"7c01b680beaf4d3143866b062b8e770e8b237fb8"},{"fixed":"ec5c17c687b189dbc09dfdec11b669caa40bc395"},{"fixed":"944a333c8e4d42256556c1d2ebb6d773a33e0dcd"},{"fixed":"a03d96598d39fdf605d90731db3ef3b13fb8bdc8"},{"fixed":"1ac22c8eae81366101597d48360718dff9b9d980"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"5ce8fad941233e81f2afb5b52a3fcddd3ba8732f"},{"last_affected":"f818708eeeae793e12dc39f8984ed7732048a7d9"},{"last_affected":"2e7eb4c1e8af8385de22775bd0be552f59b28c9a"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23296.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.0.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23296.json"}}],"schema_version":"1.7.5"}