CVE-2026-23054Linux vulnerability

7 documents6 sources
Severity
7.0HIGH
No vector
EPSS
0.0%
top 92.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table, accepting RSS hash key updates in this state leads to a hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return -EOPNOTSUPP when the table is absent. This aligns s

Affected Packages5 packages

Linuxlinux/linux_kernel4.11.06.1.162+3
Debianlinux/linux_kernel< 6.1.162-1+2
CVEListV5linux/linux962f3fee83a4ef9010ae84dc43ae7aecb572e2a98288136f508e78eb3563e7073975999cf225a2f9+5
debiandebian/linux< linux 6.1.162-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-64h7-35x7-95w2: In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS2026-02-04
OSV
CVE-2026-23054: In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS c2026-02-04
OSV
net: hv_netvsc: reject RSS hash key programming without RX indirection table2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: net: hv_netvsc: reject RSS hash key programming without RX indirection table2026-02-04
Debian
CVE-2026-23054: linux - In the Linux kernel, the following vulnerability has been resolved: net: hv_net...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23054 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23054 — Linux vulnerability | cvebase