Login Sign Up

CVE-2026-23216

N/A Unknown
Denial of Service

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's iSCSI target subsystem. It allows local attackers with access to iSCSI connections to potentially crash the kernel or execute arbitrary code. Systems using the iSCSI target functionality in affected kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches exist for multiple stable branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if iSCSI target subsystem is enabled and in use. Many systems may not have this functionality active.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution.

🟠

Likely Case

Kernel crash causing system instability or denial of service.

🟢

If Mitigated

Limited impact if iSCSI target functionality is disabled or unused.

🌐 Internet-Facing: LOW - Requires local access to iSCSI connections, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Requires local access to iSCSI target subsystem, which may be available to privileged users or services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to interact with iSCSI target subsystem. Race condition exploitation adds complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes available (see references)

Vendor Advisory: https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110

Restart Required: Yes

Instructions:

1. Update to patched kernel version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable iSCSI target subsystem

linux

If iSCSI target functionality is not needed, disable it to remove attack surface.

modprobe -r target_core_mod iscsi_target_mod
echo 'blacklist target_core_mod' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist iscsi_target_mod' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict access to iSCSI target subsystem to trusted users only
  • Monitor system logs for kernel crashes or unusual iSCSI activity

🔍 How to Verify

Check if Vulnerable:

Check if iSCSI target modules are loaded: lsmod | grep -E 'target_core_mod|iscsi_target_mod'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from references: uname -r

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN slab-use-after-free reports in dmesg
  • iSCSI connection errors

Network Indicators:

  • Unusual iSCSI connection patterns
  • Multiple iSCSI connection attempts

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "slab") AND "iscsi"

📊 Metadata

CVE ID: CVE-2026-23216
CVSS v3 Score: N/A (Unknown)
Published: February 18, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON