FKIE_CVE-2026-23054

Vulnerability from fkie_nvd - Published: 2026-02-04 17:16 - Updated: 2026-02-06 17:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table, accepting RSS hash key updates in this state leads to a hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return -EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device capabilities and prevents incorrect behavior.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc-\u003erx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: hv_netvsc: rechazar la programaci\u00f3n de clave hash RSS sin tabla de indirecci\u00f3n RX\n\nLa configuraci\u00f3n de RSS requiere una tabla de indirecci\u00f3n RX v\u00e1lida. Cuando el dispositivo informa una \u00fanica cola de recepci\u00f3n, rndis_filter_device_add() no asigna una tabla de indirecci\u00f3n; aceptar actualizaciones de clave hash RSS en este estado lleva a un cuelgue.\n\nSolucionar esto al restringir netvsc_set_rxfh() en ndc-\u0026gt;rx_table_sz y devolver -EOPNOTSUPP cuando la tabla est\u00e1 ausente. Esto alinea set_rxfh con las capacidades del dispositivo y previene un comportamiento incorrecto."
    }
  ],
  "id": "CVE-2026-23054",
  "lastModified": "2026-02-06T17:16:22.237",
  "metrics": {},
  "published": "2026-02-04T17:16:16.070",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.