CVE-2026-23165

N/A Unknown

📋 TL;DR

This CVE describes a deadlock vulnerability in the Linux kernel's sfc driver when handling RSS (Receive Side Scaling) configuration reads via ethtool commands. The vulnerability affects Linux systems using the sfc network driver and can cause system instability or denial of service. Only systems with the affected driver are impacted.

💻 Affected Systems

Products:
  • Linux kernel with sfc driver
Versions: Kernel versions containing commit 590c8179ffb01c17644181408821b55b8704c50c up to fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Solarflare network adapters using the sfc driver. Requires execution of the 'ethtool -x' command on an affected interface.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: System deadlock requiring a hard reboot, causing extended service disruption and potential data loss.

🟠 Likely Case: Temporary network service interruption when specific ethtool commands are executed, requiring manual intervention to recover.

🟢 If Mitigated: Minor performance impact or command failure without system-wide disruption.

🌐 Internet-Facing: LOW - Requires local access or privileged remote access to execute ethtool commands.
🏢 Internal Only: MEDIUM - Authorized users or administrators could inadvertently trigger the deadlock during network troubleshooting.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or privileged remote access to execute ethtool commands. More likely to be triggered accidentally than maliciously.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes 590c8179ffb01c17644181408821b55b8704c50c and 944c614b0a7afa5b87612c3fb557b95a50ad654c

Vendor Advisory: https://git.kernel.org/stable/c/590c8179ffb01c17644181408821b55b8704c50c

Restart Required: No

Instructions:

  1. Update the Linux kernel to a version containing the fix commits.
  2. For distributions: use the package manager to update the kernel package.
  3. For custom kernels: apply the patches from kernel.org and rebuild.

🔧 Temporary Workarounds

Avoid ethtool -x commands (applies to: all)

Prevent triggering the deadlock by avoiding RSS configuration queries on affected interfaces:

# Do not run: ethtool -x <interface>
# Monitor for any automated scripts using this command

🧯 If You Can't Patch

  • Restrict ethtool command execution to trusted administrators only
  • Monitor system logs for deadlock indicators and have reboot procedures ready

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the sfc driver is loaded: 'uname -r' and 'lsmod | grep sfc'

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel contains the fix commits, then test the 'ethtool -x' command on sfc interfaces

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System hang/freeze events
  • Network interface errors in dmesg

Network Indicators:

  • Sudden loss of network connectivity on affected interfaces

SIEM Query:

source="kernel" AND ("deadlock" OR "sfc" OR "rss_lock")
