PatchSiren cyber security CVE debrief
CVE-2026-23054 Linux CVE debrief
The Linux kernel was vulnerable to a hang condition when RSS hash key programming was attempted without a valid RX indirection table. This issue was resolved by gating netvsc_set_rxfh() on ndc->rx_table_sz and returning -EOPNOTSUPP when the table is absent. The vulnerability affects the net: hv_netvsc module. The issue arises when the device reports a single receive queue and rndis_filter_device_add() does not allocate an indirection table. Accepting RSS hash key updates in this state leads to a hang. The fix aligns set_rxfh with device capabilities and prevents incorrect behavior. Linux kernel users and administrators should review and apply patches.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-04
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-02-04
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and administrators who use the hv_netvsc module should review and apply the provided patches to prevent potential hangs. They should also verify the RX indirection table configuration for hv_netvsc. Security teams and vulnerability management teams should track this vulnerability and ensure that affected systems are remediated.
Technical summary
The Linux kernel vulnerability (CVE-2026-23054) relates to the net: hv_netvsc module. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table. Accepting RSS hash key updates in this state leads to a hang. The fix aligns set_rxfh with device capabilities and prevents incorrect behavior. The vulnerability can be mitigated by verifying the RX indirection table configuration for hv_netvsc and reviewing the provided patches to the Linux kernel.
Defensive priority
Medium
Recommended defensive actions
- Review and apply the provided patches to the Linux kernel
- Verify the RX indirection table configuration for hv_netvsc
- Monitor for similar RSS configuration issues
- Perform compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-02-04T17:16:16.070Z and was last modified on 2026-07-14T13:18:23.360Z. The NVD entry is currently Deferred. There is limited information available about the specific vulnerability and its potential impact. Defenders should verify the RX indirection table configuration for hv_netvsc and review the provided patches to the Linux kernel. Evidence is limited to CVE and NVD details.
Official resources
-
CVE-2026-23054 CVE record
CVE.org
-
CVE-2026-23054 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-04T17:16:16.070Z and has not been modified since then. The NVD entry is currently Deferred.