Linux Kernel Vulnerability Affecting Virtio-Crypto Devices
CVE-2026-23229

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 February 2026

What is CVE-2026-23229?

A vulnerability in the Linux kernel's virtio subsystem affects virtio-crypto PCI devices, particularly during operations that involve multiple OpenSSL processes. When running benchmarks with commands like 'openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32', the processes may hang, displaying an error indicating that a specific data queue ID is not recognized as a head. This behavior is due to the absence of spinlock protection around the data virtqueue during virtio done notifications. The implementation of spinlock protection in the virtcrypto_done_task() effectively resolves this issue, allowing OpenSSL benchmarks to process concurrently without failure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 0eb69890e86775d178452880ea0d24384c5ccedf < 552475d0b6cece73a52c0fa5faa0ce45e99df74b

Linux 75cba72ddb788a5b9c7ed2139fbb84383df029eb < 8ee8ccfd60bf17cbdab91069d324b5302f4f3a30

Linux ae4747dab2eab95a68bb2f6c7e904bff0424e1b1

References

https://git.kernel.org/stable/c/552475d0b6cece73a52c0fa5f...
https://git.kernel.org/stable/c/8ee8ccfd60bf17cbdab91069d...
https://git.kernel.org/stable/c/c9e594194795c86ca753ad6ed...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.