Description
In the Linux kernel, the following vulnerability has been resolved:

igc: fix page fault in XDP TX timestamps handling

If an XDP application that requested TX timestamping is shutting down
while the link of the interface in use is still up the following kernel
splat is reported:

[ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008
...
[ 883.803650] [ T1554] Call Trace:
[ 883.803652] [ T1554] <TASK>
[ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc]
[ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc]
...

During shutdown of the TX ring the xsk_meta pointers are left behind, so
that the IRQ handler is trying to touch them.

This issue is now being fixed by cleaning up the stale xsk meta data on
TX shutdown. TX timestamps on other queues remain unaffected.
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Kernel Crash)
Action: Apply Patch
AI Analysis

Impact

In the Linux kernel, a flaw in the igc driver causes a page fault during a shutdown of an XDP application that had requested transmit timestamps. When the link remains up, stale XDP socket metadata is accessed by the interrupt handler, leading to a kernel panic and a system crash. The fault results in a denial of service, affecting the availability of the affected host, but does not directly compromise confidentiality or integrity.

Affected Systems

The vulnerability affects Linux systems that use the igc network driver in the kernel. It is present on all kernel releases prior to the fix committed in the patch series referenced by the Advisory. The exact affected versions are not listed, so any Linux kernel that may still be running the old igc driver code is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.0, the flaw is considered moderate to high severity. Because the bug requires local control of an XDP application or the ability to trigger a shutdown while the device link is up, the attack surface is limited to users with privileged access to the kernel or the network interface. No public exploit is known and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS score is unavailable, so the precise likelihood of exploitation is uncertain, but the impact remains significant for affected hosts.

Generated by OpenCVE AI on April 4, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Linux kernel to a version that includes the igc driver fix
  • If an immediate kernel update is not possible, avoid shutting down XDP transmit timestamping applications while the network interface link is still active; otherwise, ensure proper cleanup before driver shutdown
  • Monitor kernel logs for 'BUG: unable to handle page fault' messages that may indicate the bug is triggered
  • Verify that the igc driver is in use on the host; if a different driver is used, the vulnerability may not apply

Generated by OpenCVE AI on April 4, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported: [ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008 ... [ 883.803650] [ T1554] Call Trace: [ 883.803652] [ T1554] <TASK> [ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc] [ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc] ... During shutdown of the TX ring the xsk_meta pointers are left behind, so that the IRQ handler is trying to touch them. This issue is now being fixed by cleaning up the stale xsk meta data on TX shutdown. TX timestamps on other queues remain unaffected.
Title igc: fix page fault in XDP TX timestamps handling
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:07:36.228Z

Reserved: 2026-01-13T15:37:46.019Z

Link: CVE-2026-23445

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-03T16:16:30.077

Modified: 2026-04-23T20:58:35.600

Link: CVE-2026-23445

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23445 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:17:33Z

Weaknesses