CVE-2026-23165 in Linuxinfo

Summary

by MITRE • 02/14/2026

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix deadlock in RSS config read

Since cited commit, core locks the net_device's rss_lock when handling ethtool -x command, so driver's implementation should not lock it again. Remove the latter.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/05/2026

The vulnerability CVE-2026-23165 addresses a critical deadlock condition within the Linux kernel's network subsystem, specifically affecting the sfc driver implementation. This issue manifests when processing ethtool -x commands that query RSS (Receive Side Scaling) configuration parameters. The problem stems from improper locking mechanisms where both the core network subsystem and the driver implementation attempt to acquire the same net_device's rss_lock simultaneously, creating a circular dependency that results in system hang conditions. The vulnerability represents a classic concurrency issue where multiple locking operations on the same resource create deadlock scenarios that can bring network operations to a complete halt.

The technical flaw occurs in the sfc driver's handling of RSS configuration reads through ethtool commands. When the ethtool -x command is executed, the kernel's core networking layer acquires the net_device's rss_lock to ensure exclusive access during RSS configuration retrieval. However, the sfc driver implementation was redundantly acquiring the same lock in its own handler function, leading to a double-locking scenario. This pattern violates fundamental locking principles and creates a situation where the driver thread waits indefinitely for a lock it already holds, while the core thread waits for the driver to release the lock it never actually acquired. The commit referenced in the fix identifies the specific point where this locking behavior was introduced and demonstrates that the driver should defer to the core's locking mechanism rather than implementing its own.

The operational impact of this vulnerability extends beyond simple performance degradation to potentially complete system instability during network configuration operations. When administrators or automated systems execute ethtool -x commands to query RSS settings, the system may experience indefinite hangs or complete lockup of the network subsystem. This affects network management capabilities and can render systems unresponsive to network traffic while the deadlock persists. The vulnerability particularly impacts systems running the sfc driver, which is commonly found in Solarflare network adapters and other hardware utilizing similar driver architectures. The consequences include service disruption, potential data loss during critical network operations, and the need for system reboots to resolve the deadlock state, making it a significant concern for production environments requiring high availability.

Mitigation strategies for CVE-2026-23165 focus on applying the upstream kernel fix that removes the redundant locking operation from the sfc driver implementation. System administrators should update to kernel versions containing the patched code, typically found in recent stable releases where this specific deadlock issue has been resolved. The fix aligns with best practices for kernel development and concurrency management, ensuring that driver implementations properly defer to core kernel locking mechanisms rather than creating redundant synchronization points. Organizations should also implement monitoring to detect potential lock contention scenarios and establish procedures for handling network configuration commands that may trigger similar deadlock conditions in other driver implementations. This vulnerability demonstrates the importance of adhering to kernel locking conventions and the potential for seemingly minor implementation details to create catastrophic system failures.

This vulnerability maps to CWE-367, which addresses Time-of-Check to Time-of-Use (TOCTOU) errors, and CWE-121, which covers Stack-based Buffer Overflow conditions. The deadlock scenario represents a specific instance of improper locking that can be categorized under the broader ATT&CK technique T1490 for Data Destruction and T1566 for Phishing, as network unavailability due to this deadlock could facilitate denial of service attacks or create conditions for further exploitation. The fix demonstrates proper adherence to kernel development practices and concurrency control principles that prevent such race conditions from occurring in the first place.

Responsible

Linux

Reservation

01/13/2026

Disclosure

02/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00080

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!