CVE-2026-23229
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: virtio - Add spinlock protection with virtqueue notification
When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32
openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head!
It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0eb69890e86775d178452880ea0d24384c5ccedf < 552475d0b6cece73a52c0fa5faa0ce45e99df74b | affected |
| Linux | Linux | 75cba72ddb788a5b9c7ed2139fbb84383df029eb < 8ee8ccfd60bf17cbdab91069d324b5302f4f3a30 | affected |
| Linux | Linux | ae4747dab2eab95a68bb2f6c7e904bff0424e1b1 < c9e594194795c86ca753ad6ed64c2762e9309d0d | affected |
| Linux | Linux | c4c54fce9ec54a59a4ca035af13c2823c76684cc < d6f0d586808689963e58fd739bed626ff5013b24 | affected |
| Linux | Linux | fed93fb62e05c38152b0fc1dc9609639e63eed76 < c0a0ded3bb7fd45f720faa48449a930153257d3a | affected |
| Linux | Linux | fed93fb62e05c38152b0fc1dc9609639e63eed76 < e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2 | affected |
| Linux | Linux | fed93fb62e05c38152b0fc1dc9609639e63eed76 < 49c57c6c108931a914ed94e3c0ddb974008260a3 | affected |
| Linux | Linux | fed93fb62e05c38152b0fc1dc9609639e63eed76 < b505047ffc8057555900d2d3a005d033e6967382 | affected |
| Linux | Linux | 96be18c8fff9d57e29621386e2fa17268383ea27 | affected |
| Linux | Linux | 830a4f073f7edd2cc4f30ba95bdc3495d97c2550 | affected |
| Linux | Linux | 8862c0d2e47ba1733d9687fe0ff4e02d6e391255 | affected |
| Linux | Linux | 5.10.209 < 5.10.251 | affected |
| Linux | Linux | 5.15.148 < 5.15.201 | affected |
| Linux | Linux | 6.1.75 < 6.1.164 | affected |
| Linux | Linux | 6.6.14 < 6.6.125 | affected |
| Linux | Linux | 4.19.306 < 4.20 | affected |
| Linux | Linux | 5.4.268 < 5.5 | affected |
| Linux | Linux | 6.7.2 < 6.8 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 5.10.251 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.201 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.164 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.125 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.72 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.11 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.1 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
ADP Enrichment
Additional References
References
- https://git.kernel.org/stable/c/552475d0b6cece73a52c0fa5faa0ce45e99df74b
- https://git.kernel.org/stable/c/8ee8ccfd60bf17cbdab91069d324b5302f4f3a30
- https://git.kernel.org/stable/c/c9e594194795c86ca753ad6ed64c2762e9309d0d
- https://git.kernel.org/stable/c/d6f0d586808689963e58fd739bed626ff5013b24
- https://git.kernel.org/stable/c/c0a0ded3bb7fd45f720faa48449a930153257d3a
- https://git.kernel.org/stable/c/e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2
- https://git.kernel.org/stable/c/49c57c6c108931a914ed94e3c0ddb974008260a3
- https://git.kernel.org/stable/c/b505047ffc8057555900d2d3a005d033e6967382
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.