CVE-2026-23165 — Vulnetix

CVE-2026-23165 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: sfc: fix deadlock in RSS config read Since cited commit, core locks the net_device's rss_lock when handling ethtool -x command, so driver's implementation should not lock it again. Remove the latter.

EPSS 0.02% · 3.2th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

3.2th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	040cef30b5e67271e3193e0206f82b206fc97095, 040cef30b5e67271e3193e0206f82b206fc97095, 6.17
linux	linux_kernel	6.19, 6.19, 6.19

Exploit Intelligence

https://git.kernel.org/stable/c/590c8179ffb01c17644181408821b55b8704c50c (circl)
https://git.kernel.org/stable/c/944c614b0a7afa5b87612c3fb557b95a50ad654c (circl)

Timeline

Jan 13, 2026 CVE ID Reserved
Feb 14, 2026 CVE Published
Feb 15, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 4, 2026 EPSS Score

References

https://git.kernel.org/stable/c/590c8179ffb01c17644181408821b55b8704c50c url
https://git.kernel.org/stable/c/944c614b0a7afa5b87612c3fb557b95a50ad654c url
https://nvd.nist.gov/vuln/detail/CVE-2026-23165 advisory

Open in Interactive Console →