CVE-2026-23143

N/A Unknown

📋 TL;DR

A memory alignment bug in the Linux kernel's virtio_net driver causes RSS (Receive Side Scaling) hash keys to be misaligned by one byte when passed to virtual network devices. This affects Linux systems using virtio networking, particularly in virtualized environments like KVM/QEMU, containers, and cloud platforms. The bug results in incorrect RSS key data being sent to devices, potentially impacting network performance and security.

💻 Affected Systems

Products:
  • Linux kernel virtio_net driver
Versions: Linux kernel versions containing the vulnerable code (specific versions not specified in CVE, but patches available in stable trees)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using virtio networking with RSS enabled. Common in KVM/QEMU virtual machines, containers, and cloud instances.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure through uninitialized memory exposure in the shifted RSS key, potential network performance degradation, or denial of service if RSS functionality fails.

🟠 Likely Case

Network performance issues due to incorrect RSS hash distribution, potentially causing packet reordering or reduced throughput in virtualized environments.

🟢 If Mitigated

Minimal impact if RSS is disabled or not used in the virtual network configuration.

🌐 Internet-Facing: LOW - This is primarily an internal driver alignment issue affecting virtual network device communication, not directly exploitable from external networks.
🏢 Internal Only: MEDIUM - Affects virtualized infrastructure and container networking, potentially impacting performance and reliability of internal network communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires kernel-level access or ability to manipulate virtio device configurations. Primarily a reliability/performance issue rather than a direct security vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits 4156c3745f06bc197094b9ee97a9584e69ed00bf and ae48108c2310f1dd700e0dbb655c2f1d92ed00fc

Vendor Advisory: https://git.kernel.org/stable/c/4156c3745f06bc197094b9ee97a9584e69ed00bf

Restart Required: No

Instructions:

  1. Update the Linux kernel to a version containing the fix.
  2. For distributions: use the package manager to update the kernel package.
  3. For custom kernels: apply the patches from the kernel.org stable tree.
  4. No reboot is required for live kernel updates, where supported.

🔧 Temporary Workarounds

Disable RSS in virtio networking (applies to: all)

Disable the Receive Side Scaling feature in the virtio network device configuration to avoid the misalignment issue.

  echo 0 > /sys/class/net/<interface>/queues/rx-<n>/rps_cpus
  Set RSS=off in the VM/container network configuration

🧯 If You Can't Patch

  • Disable RSS functionality on virtio network interfaces
  • Use alternative network drivers or virtualization technologies that don't use virtio_net

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and verify whether the virtio_net module is loaded with RSS support:

  lsmod | grep virtio_net

Then check /sys/class/net/ for virtio interfaces.

Check Version:

uname -r; cat /proc/version

Verify Fix Applied:

Verify that the kernel source includes the fix commits:

  grep -r '4156c3745f06bc197094b9ee97a9584e69ed00bf\|ae48108c2310f1dd700e0dbb655c2f1d92ed00fc' /usr/src/linux/

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings about flexible array member alignment
  • Network performance degradation logs
  • virtio_net driver initialization errors

Network Indicators:

  • Unusual packet distribution in virtual networks
  • RSS hash key mismatch warnings

SIEM Query:

source="kernel" AND ("virtio_net" OR "flex-array-member-not-at-end" OR "misalignment")
