CVE-2026-23054

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: hv_netvsc: reject RSS hash key programming without RX indirection table

RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an indirection table, accepting RSS hash key updates in this state leads to a hang.

Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return -EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device capabilities and prevents incorrect behavior.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux962f3fee83a4ef9010ae84dc43ae7aecb572e2a9 < 8288136f508e78eb3563e7073975999cf225a2f9affected
LinuxLinux962f3fee83a4ef9010ae84dc43ae7aecb572e2a9 < 82c9039c8ebb715753a40434df714f865a3aec9caffected
LinuxLinux962f3fee83a4ef9010ae84dc43ae7aecb572e2a9 < 4cd55c609e85ae2313248ef1a33619a3eef44a16affected
LinuxLinux962f3fee83a4ef9010ae84dc43ae7aecb572e2a9 < 11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3affected
LinuxLinux962f3fee83a4ef9010ae84dc43ae7aecb572e2a9 < d23564955811da493f34412d7de60fa268c8cb50affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.67 <= 6.12.*unaffected
LinuxLinux6.18.7 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References