{"api_version":"1","generated_at":"2026-04-19T01:16:18+00:00","cve":"CVE-2026-23296","urls":{"html":"https://cve.report/CVE-2026-23296","api":"https://cve.report/api/cve/CVE-2026-23296.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-23296","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-23296"},"summary":{"title":"scsi: core: Fix refcount leak for tagset_refcnt","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef","state":"PUBLISHED","assigner":"Linux","published_at":"2026-03-25 11:16:24","updated_at":"2026-04-18 09:16:17"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8","name":"https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0e274674714427dc578bb99db5b86e312d2b57f8","name":"https://git.kernel.org/stable/c/0e274674714427dc578bb99db5b86e312d2b57f8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a","name":"https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980","name":"https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8","name":"https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395","name":"https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd","name":"https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-23296","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23296","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected f818708eeeae793e12dc39f8984ed7732048a7d9 0e274674714427dc578bb99db5b86e312d2b57f8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 9f5e4abed9248448aa1b45b12ab0bea4d329b56a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 7c01b680beaf4d3143866b062b8e770e8b237fb8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 ec5c17c687b189dbc09dfdec11b669caa40bc395 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 944a333c8e4d42256556c1d2ebb6d773a33e0dcd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 a03d96598d39fdf605d90731db3ef3b13fb8bdc8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 1ac22c8eae81366101597d48360718dff9b9d980 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5ce8fad941233e81f2afb5b52a3fcddd3ba8732f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2e7eb4c1e8af8385de22775bd0be552f59b28c9a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.0","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.0 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.167 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.130 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.77 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.17 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.7 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"23296","cve":"CVE-2026-23296","epss":"0.000320000","percentile":"0.090980000","score_date":"2026-04-18","updated_at":"2026-04-19 00:10:43"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/scsi/scsi_scan.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"0e274674714427dc578bb99db5b86e312d2b57f8","status":"affected","version":"f818708eeeae793e12dc39f8984ed7732048a7d9","versionType":"git"},{"lessThan":"9f5e4abed9248448aa1b45b12ab0bea4d329b56a","status":"affected","version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","versionType":"git"},{"lessThan":"7c01b680beaf4d3143866b062b8e770e8b237fb8","status":"affected","version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","versionType":"git"},{"lessThan":"ec5c17c687b189dbc09dfdec11b669caa40bc395","status":"affected","version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","versionType":"git"},{"lessThan":"944a333c8e4d42256556c1d2ebb6d773a33e0dcd","status":"affected","version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","versionType":"git"},{"lessThan":"a03d96598d39fdf605d90731db3ef3b13fb8bdc8","status":"affected","version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","versionType":"git"},{"lessThan":"1ac22c8eae81366101597d48360718dff9b9d980","status":"affected","version":"8fe4ce5836e932f5766317cb651c1ff2a4cd0506","versionType":"git"},{"status":"affected","version":"5ce8fad941233e81f2afb5b52a3fcddd3ba8732f","versionType":"git"},{"status":"affected","version":"2e7eb4c1e8af8385de22775bd0be552f59b28c9a","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/scsi/scsi_scan.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.0"},{"lessThan":"6.0","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.167","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.130","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.77","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.17","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.7","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"5.15.164","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.167","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.130","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.77","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.17","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.7","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.223","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef"}],"providerMetadata":{"dateUpdated":"2026-04-18T08:57:44.862Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/0e274674714427dc578bb99db5b86e312d2b57f8"},{"url":"https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a"},{"url":"https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8"},{"url":"https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395"},{"url":"https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd"},{"url":"https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8"},{"url":"https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980"}],"title":"scsi: core: Fix refcount leak for tagset_refcnt","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-23296","datePublished":"2026-03-25T10:26:53.509Z","dateReserved":"2026-01-13T15:37:45.993Z","dateUpdated":"2026-04-18T08:57:44.862Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-25 11:16:24","lastModifiedDate":"2026-04-18 09:16:17","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"23296","Ordinal":"1","Title":"scsi: core: Fix refcount leak for tagset_refcnt","CVE":"CVE-2026-23296","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"23296","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef","Type":"Description","Title":"scsi: core: Fix refcount leak for tagset_refcnt"}]}}}