{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23054", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.951Z", "datePublished": "2026-02-04T16:04:23.396Z", "dateUpdated": "2026-05-11T21:59:06.685Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:06.685Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/hyperv/netvsc_drv.c"], "versions": [{"version": "962f3fee83a4ef9010ae84dc43ae7aecb572e2a9", "lessThan": "8288136f508e78eb3563e7073975999cf225a2f9", "status": "affected", "versionType": "git"}, {"version": "962f3fee83a4ef9010ae84dc43ae7aecb572e2a9", "lessThan": "82c9039c8ebb715753a40434df714f865a3aec9c", "status": "affected", "versionType": "git"}, {"version": "962f3fee83a4ef9010ae84dc43ae7aecb572e2a9", "lessThan": "4cd55c609e85ae2313248ef1a33619a3eef44a16", "status": "affected", "versionType": "git"}, {"version": "962f3fee83a4ef9010ae84dc43ae7aecb572e2a9", "lessThan": "11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3", "status": "affected", "versionType": "git"}, {"version": "962f3fee83a4ef9010ae84dc43ae7aecb572e2a9", "lessThan": "d23564955811da493f34412d7de60fa268c8cb50", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/hyperv/netvsc_drv.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9"}, {"url": "https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c"}, {"url": "https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16"}, {"url": "https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3"}, {"url": "https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50"}], "title": "net: hv_netvsc: reject RSS hash key programming without RX indirection table", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: hv_netvsc: rechazar la programaci\u00f3n de clave hash RSS sin tabla de indirecci\u00f3n RX\n\nLa configuraci\u00f3n de RSS requiere una tabla de indirecci\u00f3n RX v\u00e1lida. Cuando el dispositivo informa una \u00fanica cola de recepci\u00f3n, rndis_filter_device_add() no asigna una tabla de indirecci\u00f3n; aceptar actualizaciones de clave hash RSS en este estado lleva a un cuelgue.\n\nSolucionar esto al restringir netvsc_set_rxfh() en ndc->rx_table_sz y devolver -EOPNOTSUPP cuando la tabla est\u00e1 ausente. Esto alinea set_rxfh con las capacidades del dispositivo y previene un comportamiento incorrecto."}], "id": "CVE-2026-23054", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-02-04T17:16:16.070", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: net: hv_netvsc: reject RSS hash key programming without RX indirection table", "id": "2436818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436818"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23054", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23054\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23054\nhttps://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23054-3712@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-17T23:45:23.879998+00:00", "value": {"mitigation_remediation": ["Apply the latest kernel update that contains the fix for CVE-2026-23054.", "If a patch is not yet available, configure the hypervisor or virtual NIC settings to prevent RSS hash key updates when the device reports a single receive queue. ", "Monitor system logs for kernel hang events or errors that might indicate an attempt to exploit the driver, and investigate any suspicious activity promptly."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (Kernel Hang)"}, "threat_synthesis": {"affected_systems": "All Linux kernels that ship the unpatched hv_netvsc driver are affected. The issue applies to any distribution or virtual machine environment using the Hyper\u2011V network virtualization stack. No specific distribution or kernel version is listed, so administrators should verify whether their current kernel contains the patch before relying on the potential impact.", "description_and_impact": "The Linux kernel's hv_netvsc network driver accepts RSS hash key configuration updates without verifying the existence of an RX indirection table when the device reports only a single receive queue. This oversight can cause the kernel to hang, leading to an outage of the operating system or services running on it. The flaw does not enable arbitrary code execution but effectively disrupts system availability.", "risk_and_exploitability": "The CVSS base score of 7.0 indicates a high impact, while the EPSS probability of less than 1% and absence from the CISA KEV catalog show a low likelihood of active exploitation. Attackers would need to send an RSS hash key update to the virtual NIC, which typically requires network or administrative access. If triggered, the kernel hang leads to a denial of service that can be mitigated by applying the vendor patch or disabling RSS programming for devices lacking an indirection table."}}}}, "created": "2026-04-17T23:45:25.814497+00:00", "updated": "2026-04-17T23:45:25.814506+00:00", "vendors": [], "weaknesses": ["CWE-704"]}