CVE-2026-23229 PUBLISHED

crypto: virtio - Add spinlock protection with virtqueue notification

Assigner: Linux
Reserved: 13.01.2026 Published: 18.02.2026 Updated: 18.02.2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: virtio - Add spinlock protection with virtqueue notification

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32

openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head!

It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to d6f0d586808689963e58fd739bed626ff5013b24 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to c0a0ded3bb7fd45f720faa48449a930153257d3a (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 49c57c6c108931a914ed94e3c0ddb974008260a3 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.6.125 to 6.6.* (incl.)
  • unaffected from 6.12.72 to 6.12.* (incl.)
  • unaffected from 6.18.11 to 6.18.* (incl.)
  • unaffected from 6.19.1 to 6.19.* (incl.)

References