Description
In the Linux kernel, the following vulnerability has been resolved:

igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue

The previous 7 KB per queue caused TX unit hangs under heavy
timestamping load. Reducing to 5 KB avoids these hangs and matches
the TSN recommendation in I225/I226 SW User Manual Section 7.5.4.

The 8 KB "freed" by this change is currently unused. This reduction
is not expected to impact throughput, as the i226 is PCIe-limited
for small TSN packets rather than TX-buffer-limited.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service due to TX unit hang
Action: Patch
AI Analysis

Impact

A Linux kernel change reduces the TSN transmit packet buffer from 7 KB to 5 KB per queue to prevent frequent TX unit hangs under heavy timestamping load. The previous buffer size caused the hardware to lock up when large volumes of timestamped packets were processed, resulting in a denial‑of‑service condition for both the affected network device and the host kernel. The fix is purely a stability improvement that does not directly expose the system to arbitrary code execution or data exfiltration but can be exploited by generating excessive TSN traffic to trigger the hang.

Affected Systems

The vulnerability exists in the upstream Linux kernel, particularly in the 6.19 release candidates (rc1 through rc6). Any system running a kernel that includes the older 7 KB TSN transmit buffer implementation—before the patch that reduces it to 5 KB—was affected.

Risk and Exploitability

With a CVSS score of 5.5 the severity is moderate. The EPSS indicates exploitation probability is below 1 % and the flaw is not listed in CISA’s KEV catalog, suggesting it is not actively exploited. The likely attack vector involves an attacker (remote or local with network access) who can send or generate large amounts of TSN‑timestamped traffic to force the TX unit into a hung state. The impact would be a slowdown or pause of network traffic for the affected device and a possible kernel lockup if the hang propagates. No additional privileges or access are required beyond the ability to generate TSN traffic on the device’s link.

Generated by OpenCVE AI on April 18, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that contains the TSN TX buffer reduction, such as Linux kernel 6.19 rc6 or a later stable release.
  • If an immediate kernel upgrade is not possible, disable TSN timestamping on the I225/I226 devices or implement traffic shaping to reduce the volume of TSN packets, mitigating the risk of TX unit hangs.
  • Set up monitoring on network interfaces for unusually high TSN traffic and configure alerts to detect sudden increases that could trigger the buffer hang.

Generated by OpenCVE AI on April 18, 2026 at 12:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Wed, 18 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Sat, 14 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestamping load. Reducing to 5 KB avoids these hangs and matches the TSN recommendation in I225/I226 SW User Manual Section 7.5.4. The 8 KB "freed" by this change is currently unused. This reduction is not expected to impact throughput, as the i226 is PCIe-limited for small TSN packets rather than TX-buffer-limited.
Title igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:09:52.592Z

Reserved: 2026-01-13T15:37:45.970Z

Link: CVE-2026-23122

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T15:16:07.390

Modified: 2026-03-18T14:50:49.260

Link: CVE-2026-23122

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23122 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses