PT-2026-20455 · Linux · Linux Kernel

Published 2026-01-01 · Updated 2026-04-20 · CVE-2026-23229

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's virtio crypto component: the data virtqueue is not protected by a spinlock while virtqueue notifications are handled. When a virtual machine boots with a single virtio-crypto PCI device and a built-in backend, running the `openssl speed` command with multiple processes can cause the processes to hang. This occurs because the data virtqueue lacks proper protection during virtio done notification handling. The issue manifests as the error message 'virtio_crypto virtio0: dataq.0:id 3 is not a head!'. Adding spinlock protection within the virtcrypto_done_task() function resolves the problem, allowing the openssl benchmark to function correctly with multiple processes.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-23229
ECHO-D387-F0AE-30E7
OESA-2026-1642
OESA-2026-1643
OESA-2026-1644
OPENSUSE-SU-2026:10387-1
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1

Affected Products

Linux Kernel