CVE-2026-23229
Race Condition in Linux Kernel Virtio-Crypto Causing Process Hang
Publication date: 2026-02-18
Last updated on: 2026-03-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.19 (inc) to 6.19.1 (exc) |
| linux | linux_kernel | From 5.4.268 (inc) to 5.5 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.11 (exc) |
| linux | linux_kernel | From 4.19.306 (inc) to 4.20 (exc) |
| linux | linux_kernel | From 5.10.209 (inc) to 5.10.251 (exc) |
| linux | linux_kernel | From 5.15.148 (inc) to 5.15.201 (exc) |
| linux | linux_kernel | From 6.1.75 (inc) to 6.1.164 (exc) |
| linux | linux_kernel | From 6.6.14 (inc) to 6.6.125 (exc) |
| linux | linux_kernel | From 6.7.2 (inc) to 6.12.72 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's virtio-crypto PCI device handling. When a virtual machine boots with one virtio-crypto PCI device and the builtin backend, running the openssl benchmark command with multiple processes causes the openssl processes to hang. An error message such as "virtio_crypto virtio0: dataq.0:id 3 is not a head!" is reported. The issue arises because the data virtqueue requires protection during the virtio done notification handling. Without proper spinlock protection in the virtcrypto_done_task() function, concurrent access leads to this problem.
Adding spinlock protection in the virtcrypto_done_task() function resolves the issue, allowing the openssl benchmark with multiple processes to run correctly.
How can this vulnerability impact me? :
This vulnerability can cause openssl processes running multiple concurrent operations on a virtual machine using a virtio-crypto PCI device to hang or become unresponsive. This can lead to denial of service for cryptographic operations, potentially impacting applications relying on openssl for encryption or cryptographic benchmarks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing system behavior when running multiple OpenSSL processes using the virtio-crypto PCI device with the builtin backend.
Specifically, running the command: openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 may cause the OpenSSL processes to hang.
Additionally, error messages such as "virtio_crypto virtio0: dataq.0:id 3 is not a head!" in system logs indicate the presence of this issue.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is mitigated by adding spinlock protection in the virtcrypto_done_task() function to protect the data virtqueue during virtio done notification.
Until the fix is applied, avoid running multiple OpenSSL processes using the virtio-crypto PCI device with the builtin backend simultaneously, as this triggers the issue.