CVE-2026-23292

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to recursive locking within the configfs open file() function. Specifically, the issue occurs when the flush write buffer function acquires the frag sem semaphore and then calls the target core item dbroot store() function, which attempts to open the same configfs file using filp open(). This leads to a nested semaphore acquisition and a potential for recursive locking. The target core item dbroot store() function attempts to validate a new file path by opening it, but in this case, it tries to open the same configfs file it is currently working on, resulting in an error message: 'db root: not a directory: /sys/kernel/config/target/dbroot'. The issue is addressed by modifying target core item dbroot store() to use kern path() instead of filp open() to avoid the problematic filesystem-specific function call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.