{"id":"CVE-2026-23292","summary":"scsi: target: Fix recursive locking in __configfs_open_file()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, &p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store().  This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n  down_read\n  __configfs_open_file\n  do_dentry_open\n  vfs_open\n  do_open\n  path_openat\n  do_filp_open\n  file_open_name\n  filp_open\n  target_core_item_dbroot_store\n  flush_write_buffer\n  configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.","modified":"2026-04-14T03:48:02.755333Z","published":"2026-03-25T10:26:50.408Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23292.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/142eacb50fb903a4c10dee7e67b6e79ebb36a582"},{"type":"WEB","url":"https://git.kernel.org/stable/c/14d4ac19d1895397532eec407433c5d74d9da53b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3161ef61f121d4573cad5b57c92188dcd9b284b3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4fcfa424a581d823cb1a9676e3eefe6ca17e453a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9a5641024fbfd9b24fe65984ad85fea10a3ae438"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e8ef82cb6443d5f3260b1b830e17f03dda4229ea"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23292.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23292"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b0841eefd9693827afb9888235e26ddd098f9cef"},{"fixed":"3161ef61f121d4573cad5b57c92188dcd9b284b3"},{"fixed":"e8ef82cb6443d5f3260b1b830e17f03dda4229ea"},{"fixed":"4fcfa424a581d823cb1a9676e3eefe6ca17e453a"},{"fixed":"9a5641024fbfd9b24fe65984ad85fea10a3ae438"},{"fixed":"142eacb50fb903a4c10dee7e67b6e79ebb36a582"},{"fixed":"14d4ac19d1895397532eec407433c5d74d9da53b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"49824b5c875087a52672b0c8e8ecbefe6f773532"},{"last_affected":"09e21253d17f53bdb5aac0e0dbd057a29fcbe8d1"},{"last_affected":"0dfc45be875a378c2a3a4d6ed8e668ec8eb75073"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23292.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.3.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23292.json"}}],"schema_version":"1.7.5"}