CVE-2026-23054

net: hv_netvsc: reject RSS hash key programming without RX indirection table

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device
reports a single receive queue, rndis_filter_device_add() does not
allocate an indirection table, accepting RSS hash key updates in this
state leads to a hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return
-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device
capabilities and prevents incorrect behavior.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-02-04 CVE Published
2026-02-09 CVE Updated
2026-03-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/962f3fee83a4ef9010ae84dc43ae7aecb572e2a9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9	2026-02-06
https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c	2026-01-30
https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16	2026-01-23
https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3	2026-01-23
https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50	2026-01-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.1.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.1.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.6.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.6.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.12.67 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.12.67"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.18.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.18.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.19"		en		Affected