CVE-2026-23165 - Vulnerability Details

- sfc: fix deadlock in RSS config read

Description

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix deadlock in RSS config read

Since cited commit, core locks the net_device's rss_lock when handling
ethtool -x command, so driver's implementation should not lock it
again. Remove the latter.

Published: 2026-02-14

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability manifests as a deadlock that occurs when the kernel handles the ethtool ‑x command for the SFC (Solarflare) driver. During the configuration read the net_device rss_lock is held by the core routine, yet driver code attempts to lock it again. This double‑lock situation can cause the kernel to stall, potentially freezing network operations and impacting system availability. The weakness is identified as a deadlock (CWE‑667).

Affected Systems

All Linux kernel builds that include the SFC driver prior to the patch, notably the 6.19 release candidates (rc1 through rc7) and any derivative kernels that use the same code path. No CVE‑specific version number is listed beyond the rc range, so any kernel compiled from sources before the provided commit may be vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity. The EPSS score is below 1%, suggesting a very low probability of exploitation in the wild. The vulnerability is not in the CISA KEV catalog, further implying limited current exploitation. Triggering the ethtool ‑x command could induce the deadlock, resulting in service disruption rather than a traditional remote code execution. The risk remains moderate but is mitigated by the low exploitation likelihood.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`040cef30b5e67271e3193e0206f82b206fc97095`	affected	< 590c8179ffb01c17644181408821b55b8704c50c
`040cef30b5e67271e3193e0206f82b206fc97095`	affected	< 944c614b0a7afa5b87612c3fb557b95a50ad654c

Linux

affected

Version	Status	Constraints
`6.17`	affected	—
`0`	unaffected	< 6.17
`6.18.9`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

—

Version	Status	Scheme	Platform
`[040cef30b5e67271e3193e0206f82b206fc97095,590c8179ffb01c17644181408821b55b8704c50c)`	affected	code_commit	—
`[040cef30b5e67271e3193e0206f82b206fc97095,944c614b0a7afa5b87612c3fb557b95a50ad654c)`	affected	code_commit	—

Linux

Linux Kernel

—

Version	Status	Scheme	Platform
`6.17`	affected	generic	—
`[0,6.17)`	unaffected	semver	—
`[6.18.9,6.19.0)`	unaffected	semver	—
`[6.19,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the kernel to a version that contains the commit 590c8179ffb01c17644181408821b55b8704c50c and 944c614b0a7afa5b87612c3fb557b95a50ad654c applied, or backport the patch to the affected build.
If an immediate kernel upgrade is not possible, rebuild the affected SFC driver module without the additional rss_lock acquisition introduced before the fix.
Ensure the net_device use of rss_lock is consistent with the kernel core routine, and consider disabling or re‑configuring ethtool ‑x usage for the affected interfaces until a patched kernel is available.

Generated by OpenCVE AI on April 18, 2026 at 18:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/590c8179ffb01c17644181408821b55b8704c50c
https://git.kernel.org/stable/c/944c614b0a7afa5b87612c3fb557b95a50ad654c
https://lore.kernel.org/linux-cve-announce/2026021419-CVE-2026-23165-3437@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23165
https://www.cve.org/CVERecord?id=CVE-2026-23165

History

Wed, 18 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 17 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021419-CVE-2026-23165-3437@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23165 https://www.cve.org/CVERecord?id=CVE-2026-23165
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Sat, 14 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: sfc: fix deadlock in RSS config read Since cited commit, core locks the net_device's rss_lock when handling ethtool -x command, so driver's implementation should not lock it again. Remove the latter.
Title		sfc: fix deadlock in RSS config read
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/590c8179ffb01c17644181408821b55b8704c50c https://git.kernel.org/stable/c/944c614b0a7afa5b87612c3fb557b95a50ad654c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T16:01:29.336Z

Updated: 2026-02-14T16:01:29.336Z

Reserved: 2026-01-13T15:37:45.981Z

Link: CVE-2026-23165

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-14T16:15:56.693

Modified: 2026-03-18T15:02:51.063

Link: CVE-2026-23165

Redhat

Severity : Moderate

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23165 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses

CWE-667

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object