SB20260325164 - On-Chip Debug and Test Interface With Improper Access Control in Linux kernel target driver
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) On-Chip Debug and Test Interface With Improper Access Control (CVE-ID: CVE-2026-23292)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an improper locking mechanism in the SCSI target subsystem when handling configuration file writes. A local user can provide specially crafted configuration input to cause recursive semaphore locking, leading to a system crash or hang.
Exploitation requires access to the target's configuration filesystem (configfs) and the ability to write to the db_root parameter. No additional privileges beyond standard configfs access are required.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/142eacb50fb903a4c10dee7e67b6e79ebb36a582
- https://git.kernel.org/stable/c/14d4ac19d1895397532eec407433c5d74d9da53b
- https://git.kernel.org/stable/c/3161ef61f121d4573cad5b57c92188dcd9b284b3
- https://git.kernel.org/stable/c/4fcfa424a581d823cb1a9676e3eefe6ca17e453a
- https://git.kernel.org/stable/c/9a5641024fbfd9b24fe65984ad85fea10a3ae438
- https://git.kernel.org/stable/c/e8ef82cb6443d5f3260b1b830e17f03dda4229ea