CVE-2026-23054

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the networking subsystem related to the hv netvsc driver. Specifically, the driver does not properly validate the presence of a Receive Side Scaling (RSS) indirection table before allowing RSS hash key programming. When a device reports a single receive queue, the rndis filter device add() function fails to allocate the necessary indirection table. Accepting RSS hash key updates in this state can lead to a system hang. The issue is addressed by restricting the netvsc set rxfh() function based on the size of the RX table (ndc->rx table sz) and returning an error if the table is absent. This ensures that RSS hash key updates are only accepted when the device is capable of handling them.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23054

ECHO-1D3A-C5C4-B8BE

OESA-2026-1566

OESA-2026-1567

OESA-2026-1569

OESA-2026-1570

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:0984-1

SUSE-SU-2026:1003-1

SUSE-SU-2026:1041-1

SUSE-SU-2026:1077-1

SUSE-SU-2026:1078-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:1131-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21255-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linux Kernel

Ubuntu

Hv Netvsc

Netvsc Set Rxfh

Rndis Filter Device Add

CVE-2026-23054

Related Identifiers

Affected Products

References · 988