Description
In the Linux kernel, the following vulnerability has been resolved:

igc: fix page fault in XDP TX timestamps handling

If an XDP application that requested TX timestamping is shutting down
while the link of the interface in use is still up the following kernel
splat is reported:

[ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008
...
[ 883.803650] [ T1554] Call Trace:
[ 883.803652] [ T1554] <TASK>
[ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc]
[ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc]
...

During shutdown of the TX ring the xsk_meta pointers are left behind, so
that the IRQ handler is trying to touch them.

This issue is now being fixed by cleaning up the stale xsk meta data on
TX shutdown. TX timestamps on other queues remain unaffected.
Published: 2026-04-03
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Kernel Crash)
Action: Apply Patch
AI Analysis

Impact

The Linux kernel contains a defect in the igc network driver that triggers a page fault during shutdown of an XDP application that has requested transmit timestamps. When the network interface link remains active, stale XDP socket metadata is accessed by the interrupt handler after the TX ring has been closed, which causes the kernel to crash with a BUG message and lose all service. The crash denies availability of the affected host; the description does not mention any direct compromise of confidentiality or integrity, so the impact is limited to service interruption.

Affected Systems

The bug exists in all Linux kernels that use the igc driver prior to the commit that applied the cleanup logic. The known affected CPE strings reference kernel 6.10 and all 7.0 release candidates up to rc7, so any deployment running a kernel in that range could be vulnerable. Systems that upgraded to a kernel after the patch are not affected.

Risk and Exploitability

With a CVSS score of 7.8 the flaw is considered high severity. The EPSS score of less than 1% suggests exploitation is unlikely at this time. The advisory notes that the bug requires the ability to shut down an XDP TX timestamping application while the interface link remains active, which in turn implies local or privileged user control; this is inferred from the described conditions. No public exploit is reported and the vulnerability is not listed in CISA KEV. The attack vector is therefore limited to environments where an attacker can execute code with sufficient privileges to trigger the shutdown.

Generated by OpenCVE AI on April 28, 2026 at 21:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that incorporates the igc driver fix.
  • If an immediate kernel update is not possible, avoid shutting down XDP transmit‑timestamping applications while the network interface link remains active; ensure proper cleanup before driver shutdown.
  • Monitor kernel logs for BUG messages such as "unable to handle page fault" that indicate the bug has been triggered.

Generated by OpenCVE AI on April 28, 2026 at 21:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 23 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported: [ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008 ... [ 883.803650] [ T1554] Call Trace: [ 883.803652] [ T1554] <TASK> [ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc] [ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc] ... During shutdown of the TX ring the xsk_meta pointers are left behind, so that the IRQ handler is trying to touch them. This issue is now being fixed by cleaning up the stale xsk meta data on TX shutdown. TX timestamps on other queues remain unaffected.
Title igc: fix page fault in XDP TX timestamps handling
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:07:02.963Z

Reserved: 2026-01-13T15:37:46.019Z

Link: CVE-2026-23445

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-04-03T16:16:30.077

Modified: 2026-04-27T14:16:33.283

Link: CVE-2026-23445

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23445 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T22:00:14Z

Weaknesses