Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: virtio - Add spinlock protection with virtqueue notification

When VM boots with one virtio-crypto PCI device and builtin backend,
run openssl benchmark command with multiple processes, such as
openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32

openssl processes will hangup and there is error reported like this:
virtio_crypto virtio0: dataq.0:id 3 is not a head!

It seems that the data virtqueue need protection when it is handled
for virtio done notification. If the spinlock protection is added
in virtcrypto_done_task(), openssl benchmark with multiple processes
works well.
Published: 2026-02-18
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via process hang and error in virtio-crypto virtqueue
Action: Apply Patch
AI Analysis

Impact

The vulnerability originates from a missing spinlock around the data virtqueue used by virtio-crypto. When a virtual machine boots with a virtio-crypto PCI device and the builtin backend is active, running multiple OpenSSL benchmark processes causes those processes to hang and the kernel to log an error ("is not a head!") that indicates inconsistent virtqueue state. The lack of synchronization results in a race condition that can leave processes hung and the virtio-crypto subsystem in an inconsistent state, thereby denying service to legitimate workloads. The weakness is a classic race condition, where concurrent access to shared data without adequate locking yields corruption. The race surfaces under high concurrency, for example when many processes drive the crypto engine at once, and can be triggered by ordinary user activity such as cryptographic workloads.

Affected Systems

All Linux distributions that ship a kernel with the virtio-crypto driver and a builtin backend. The kernel CPE string indicates that the issue applies to the kernel release itself, not a specific vendor build, so any distribution kernel that has not been updated to include the spinlock protection is affected. The vendor list shows Linux:Linux twice, which reflects a general kernel vulnerability rather than a vendor-specific one. The affected versions are not enumerated in the source, so any release prior to the patch should be treated as vulnerable.

Risk and Exploitability

The severity of the issue is scored as a CVSS of 5.5, placing it in the moderate range. Exploitation likelihood is estimated to be low, with an EPSS score below 1%, and the vulnerability is not listed in the CISA KEV catalog. Triggering the flaw requires a user to run multiple concurrent OpenSSL or similar processes against the virtio-crypto device, a scenario that ordinary workloads may produce without any special effort. Because the flaw does not expose remote code execution or privilege escalation, the immediate threat is limited to service interruption. Nonetheless, the presence of a race condition in a core kernel module warrants prompt attention, particularly for systems exposed to highly concurrent cryptographic operations.

Generated by OpenCVE AI on April 15, 2026 at 15:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a patched release that includes the spinlock protection around virtqueue notifications
  • Reboot the system after upgrading to ensure the new kernel is active and the protection is in place
  • If a kernel update is not yet available, limit concurrent use of OpenSSL or other applications that employ the virtio-crypto backend to single-threaded or low-concurrency modes until the patch is applied


Advisories
Source      ID          Title
Debian DLA  DLA-4498-1  linux security update
Debian DLA  DLA-4499-1  linux-6.1 security update
Debian DSA  DSA-6141-1  linux security update
Debian DSA  DSA-6163-1  linux security update
History

Wed, 18 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 23 Feb 2026 03:30:00 +0000


Thu, 19 Feb 2026 16:15:00 +0000


Thu, 19 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 18 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.
Title crypto: virtio - Add spinlock protection with virtqueue notification
First Time appeared   Linux, Linux Kernel
CPEs                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products    Linux, Linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:02:45.758Z

Reserved: 2026-01-13T15:37:45.988Z

Link: CVE-2026-23229

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-18T16:22:32.693

Modified: 2026-03-18T13:25:23.100

Link: CVE-2026-23229

Redhat

Severity : Moderate

Public Date: 2026-02-18T00:00:00Z

Links: CVE-2026-23229 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T17:15:10Z

Weaknesses