CVE-2026-23054 - Vulnerability Details

- net: hv_netvsc: reject RSS hash key programming without RX indirection table

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hv_netvsc: reject RSS hash key programming without RX indirection table

RSS configuration requires a valid RX indirection table. When the device
reports a single receive queue, rndis_filter_device_add() does not
allocate an indirection table, accepting RSS hash key updates in this
state leads to a hang.

Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return
-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device
capabilities and prevents incorrect behavior.

Published: 2026-02-04

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel's hv_netvsc network driver accepts RSS hash key configuration updates without verifying the existence of an RX indirection table when the device reports only a single receive queue. This oversight can cause the kernel to hang, leading to an outage of the operating system or services running on it. The flaw does not enable arbitrary code execution but effectively disrupts system availability.

Affected Systems

All Linux kernels that ship the unpatched hv_netvsc driver are affected. The issue applies to any distribution or virtual machine environment using the Hyper‑V network virtualization stack. No specific distribution or kernel version is listed, so administrators should verify whether their current kernel contains the patch before relying on the potential impact.

Risk and Exploitability

The CVSS base score of 7.0 indicates a high impact, while the EPSS probability of less than 1% and absence from the CISA KEV catalog show a low likelihood of active exploitation. Attackers would need to send an RSS hash key update to the virtual NIC, which typically requires network or administrative access. If triggered, the kernel hang leads to a denial of service that can be mitigated by applying the vendor patch or disabling RSS programming for devices lacking an indirection table.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`962f3fee83a4ef9010ae84dc43ae7aecb572e2a9`	affected	< 8288136f508e78eb3563e7073975999cf225a2f9
`962f3fee83a4ef9010ae84dc43ae7aecb572e2a9`	affected	< 82c9039c8ebb715753a40434df714f865a3aec9c
`962f3fee83a4ef9010ae84dc43ae7aecb572e2a9`	affected	< 4cd55c609e85ae2313248ef1a33619a3eef44a16
`962f3fee83a4ef9010ae84dc43ae7aecb572e2a9`	affected	< 11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3
`962f3fee83a4ef9010ae84dc43ae7aecb572e2a9`	affected	< d23564955811da493f34412d7de60fa268c8cb50

Linux

affected

Version	Status	Constraints
`4.11`	affected	—
`0`	unaffected	< 4.11
`6.1.162`	unaffected	≤ 6.1.*
`6.6.122`	unaffected	≤ 6.6.*
`6.12.67`	unaffected	≤ 6.12.*
`6.18.7`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest kernel update that contains the fix for CVE-2026-23054.
If a patch is not yet available, configure the hypervisor or virtual NIC settings to prevent RSS hash key updates when the device reports a single receive queue.
Monitor system logs for kernel hang events or errors that might indicate an attempt to exploit the driver, and investigate any suspicious activity promptly.

Generated by OpenCVE AI on April 17, 2026 at 23:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6126-1	linux security update
Debian DSA	DSA-6127-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3
https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16
https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9
https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c
https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50
https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23054-3712@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23054
https://www.cve.org/CVERecord?id=CVE-2026-23054

History

Sat, 18 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-704

Fri, 06 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9

Thu, 05 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23054-3712@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23054 https://www.cve.org/CVERecord?id=CVE-2026-23054
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Low`

Wed, 04 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table, accepting RSS hash key updates in this state leads to a hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return -EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device capabilities and prevents incorrect behavior.
Title		net: hv_netvsc: reject RSS hash key programming without RX indirection table
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3 https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16 https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-04T16:04:23.396Z

Updated: 2026-02-09T08:37:52.262Z

Reserved: 2026-01-13T15:37:45.951Z

Link: CVE-2026-23054

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-02-04T17:16:16.070

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23054

Redhat

Severity : Low

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23054 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z

Weaknesses

CWE-704

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object