CVE-2026-23054
Linux Kernel - Denial of Service via RSS Hash Key Programming Without RX Indirection Table
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table, accepting RSS hash key updates in this state leads to a hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return -EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device capabilities and prevents incorrect behavior.
References (5)
Core 5
Core References
Scores
EPSS
0.0003
EPSS Percentile
8.0%
Details
Status
published
Products (16)
linux/Kernel
4.11.0 - 6.1.162linux
linux/Kernel
6.13.0 - 6.18.7linux
linux/Kernel
6.2.0 - 6.6.122linux
linux/Kernel
6.7.0 - 6.12.67linux
Linux/Linux
< 4.11
Linux/Linux
4.11
Linux/Linux
6.1.162 - 6.1.*
Linux/Linux
6.12.67 - 6.12.*
Linux/Linux
6.18.7 - 6.18.*
Linux/Linux
6.19
... and 6 more
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026