PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23054 Linux CVE debrief

The Linux kernel was vulnerable to a hang condition when RSS hash key programming was attempted without a valid RX indirection table. This issue was resolved by gating netvsc_set_rxfh() on ndc->rx_table_sz and returning -EOPNOTSUPP when the table is absent. The vulnerability affects the net: hv_netvsc module. The issue arises when the device reports a single receive queue and rndis_filter_device_add() does not allocate an indirection table. Accepting RSS hash key updates in this state leads to a hang. The fix aligns set_rxfh with device capabilities and prevents incorrect behavior. Linux kernel users and administrators should review and apply patches.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-04
Original CVE updated
2026-07-14
Advisory published
2026-02-04
Advisory updated
2026-07-14

Who should care

Linux kernel users and administrators who use the hv_netvsc module should review and apply the provided patches to prevent potential hangs. They should also verify the RX indirection table configuration for hv_netvsc. Security teams and vulnerability management teams should track this vulnerability and ensure that affected systems are remediated.

Technical summary

The Linux kernel vulnerability (CVE-2026-23054) relates to the net: hv_netvsc module. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table. Accepting RSS hash key updates in this state leads to a hang. The fix aligns set_rxfh with device capabilities and prevents incorrect behavior. The vulnerability can be mitigated by verifying the RX indirection table configuration for hv_netvsc and reviewing the provided patches to the Linux kernel.

Defensive priority

Medium

Recommended defensive actions

  • Review and apply the provided patches to the Linux kernel
  • Verify the RX indirection table configuration for hv_netvsc
  • Monitor for similar RSS configuration issues
  • Perform compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-02-04T17:16:16.070Z and was last modified on 2026-07-14T13:18:23.360Z. The NVD entry is currently Deferred. There is limited information available about the specific vulnerability and its potential impact. Defenders should verify the RX indirection table configuration for hv_netvsc and review the provided patches to the Linux kernel. Evidence is limited to CVE and NVD details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-04T17:16:16.070Z and has not been modified since then. The NVD entry is currently Deferred.