CVE-2026-23292
MEDIUMDescription
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This function called filp_open(), following which these functions were called (in reverse order), according to the call trace: down_read __configfs_open_file do_dentry_open vfs_open do_open path_openat do_filp_open file_open_name filp_open target_core_item_dbroot_store flush_write_buffer configfs_write_iter target_core_item_dbroot_store() tries to validate the new file path by trying to open the file path provided to it; however, in this case, the bug report shows: db_root: not a directory: /sys/kernel/config/target/dbroot indicating that the same configfs file was tried to be opened, on which it is currently working on. Thus, it is trying to acquire frag_sem semaphore of the same file of which it already holds the semaphore obtained in flush_write_buffer(), leading to acquiring the semaphore in a nested manner and a possibility of recursive locking. Fix this by modifying target_core_item_dbroot_store() to use kern_path() instead of filp_open() to avoid opening the file using filesystem-specific function __configfs_open_file(), and further modifying it to make this fix compatible.
How to fix
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploit Intelligence
Low risk: more likely to be exploited than 2% of all known CVEs.
References
Related Vulnerabilities
Other CWE-674 vulnerabilities, ordered by exploit likelihood. View all
| CVE | Severity | CVSS | EPSS | Exploited | Fix |
|---|---|---|---|---|---|
| CVE-2021-45105 | Medium | 5.9 | 100% | - | Fix |
| CVE-2024-25111 | High | 8.6 | 65% | - | Fix |
| CVE-2023-50269 | High | 8.6 | 58% | - | Fix |
| CVE-2021-42697 | High | 7.5 | 36% | - | Fix |
| CVE-2018-0739 | Medium | 6.5 | 19% | - | Fix |
| CVE-2007-1285 | High | 7.5 | 18% | - | Fix |
Embed a live status badge for CVE-2026-23292
Markdown
[](https://tridentstack.com/cve/CVE-2026-23292)HTML
<a href="https://tridentstack.com/cve/CVE-2026-23292"><img src="https://tridentstack.com/cve/badge/CVE-2026-23292.svg" alt="CVE-2026-23292"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-27.