CVE-2026-23229
Modified Modified - Updated After Analysis
Race Condition in Linux Kernel Virtio-Crypto Causing Process Hang

Publication date: 2026-02-18

Last updated on: 2026-06-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23229
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.1 (exc)
linux linux_kernel From 5.4.268 (inc) to 5.5 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.11 (exc)
linux linux_kernel From 4.19.306 (inc) to 4.20 (exc)
linux linux_kernel From 5.10.209 (inc) to 5.10.251 (exc)
linux linux_kernel From 5.15.148 (inc) to 5.15.201 (exc)
linux linux_kernel From 6.1.75 (inc) to 6.1.164 (exc)
linux linux_kernel From 6.6.14 (inc) to 6.6.125 (exc)
linux linux_kernel From 6.7.2 (inc) to 6.12.72 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's virtio-crypto PCI device handling. When a virtual machine boots with one virtio-crypto PCI device and the builtin backend, running the openssl benchmark command with multiple processes causes the openssl processes to hang. An error message such as "virtio_crypto virtio0: dataq.0:id 3 is not a head!" is reported. The issue arises because the data virtqueue requires protection during the virtio done notification handling. Without proper spinlock protection in the virtcrypto_done_task() function, concurrent access leads to this problem.

Adding spinlock protection in the virtcrypto_done_task() function resolves the issue, allowing the openssl benchmark with multiple processes to run correctly.

Impact Analysis

This vulnerability can cause openssl processes running multiple concurrent operations on a virtual machine using a virtio-crypto PCI device to hang or become unresponsive. This can lead to denial of service for cryptographic operations, potentially impacting applications relying on openssl for encryption or cryptographic benchmarks.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by observing system behavior when running multiple OpenSSL processes using the virtio-crypto PCI device with the builtin backend.

Specifically, running the command: openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 may cause the OpenSSL processes to hang.

Additionally, error messages such as "virtio_crypto virtio0: dataq.0:id 3 is not a head!" in system logs indicate the presence of this issue.

Mitigation Strategies

The vulnerability is mitigated by adding spinlock protection in the virtcrypto_done_task() function to protect the data virtqueue during virtio done notification.

Until the fix is applied, avoid running multiple OpenSSL processes using the virtio-crypto PCI device with the builtin backend simultaneously, as this triggers the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart