Linux Kernel: virtio-crypto virtqueue data race leads to hangs: CVE-2026-23229 February 2026

Linux Kernel: virtio-crypto virtqueue data race leads to hangs
CVE-2026-23229 Published on February 18, 2026

crypto: virtio - Add spinlock protection with virtqueue notification
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.

Products Associated with CVE-2026-23229

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-23229 are published in Linux Kernel:

Affected Versions

Version 0eb69890e86775d178452880ea0d24384c5ccedf and below 552475d0b6cece73a52c0fa5faa0ce45e99df74b is affected.

Version 75cba72ddb788a5b9c7ed2139fbb84383df029eb and below 8ee8ccfd60bf17cbdab91069d324b5302f4f3a30 is affected.

Version ae4747dab2eab95a68bb2f6c7e904bff0424e1b1 and below c9e594194795c86ca753ad6ed64c2762e9309d0d is affected.

Version c4c54fce9ec54a59a4ca035af13c2823c76684cc and below d6f0d586808689963e58fd739bed626ff5013b24 is affected.

Version fed93fb62e05c38152b0fc1dc9609639e63eed76 and below c0a0ded3bb7fd45f720faa48449a930153257d3a is affected.

Version fed93fb62e05c38152b0fc1dc9609639e63eed76 and below e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2 is affected.

Version fed93fb62e05c38152b0fc1dc9609639e63eed76 and below 49c57c6c108931a914ed94e3c0ddb974008260a3 is affected.

Version fed93fb62e05c38152b0fc1dc9609639e63eed76 and below b505047ffc8057555900d2d3a005d033e6967382 is affected.

Version 96be18c8fff9d57e29621386e2fa17268383ea27 is affected.

Version 830a4f073f7edd2cc4f30ba95bdc3495d97c2550 is affected.

Version 8862c0d2e47ba1733d9687fe0ff4e02d6e391255 is affected.

Version 6.8 is affected.

Before 6.8 is unaffected.

Version 5.10.251, <= 5.10.* is unaffected.

Version 5.15.201, <= 5.15.* is unaffected.

Version 6.1.164, <= 6.1.* is unaffected.

Version 6.6.125, <= 6.6.* is unaffected.

Version 6.12.72, <= 6.12.* is unaffected.

Version 6.18.11, <= 6.18.* is unaffected.

Version 6.19.1, <= 6.19.* is unaffected.

Version 7.0-rc1, <= * is unaffected.

Exploit Probability

EPSS

0.02%

Percentile

6.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Linux Kernel: virtio-crypto virtqueue data race leads to hangsCVE-2026-23229 Published on February 18, 2026

Products Associated with CVE-2026-23229

Affected Versions

Exploit Probability

Linux Kernel: virtio-crypto virtqueue data race leads to hangs
CVE-2026-23229 Published on February 18, 2026