Description
In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode

Page recycling was removed from the XDP_DROP path in emac_run_xdp() to
avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free()
instead.

However, this causes a memory leak when running XDP programs that drop
packets in non-zero-copy mode (standard page pool mode). The pages are
never returned to the page pool, leading to OOM conditions.

Fix this by handling cleanup in the caller, emac_rx_packet().
When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the
caller now recycles the page back to the page pool. The zero-copy
path, emac_rx_packet_zc() already handles cleanup correctly with
xsk_buff_free().
Published: 2026-04-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Out‑of‑Memory)
Action: Patch
AI Analysis

Impact

When XDP programs drop packets in non-zero-copy mode, the driver no longer recycles the associated page buffers. The resulting memory leak can deplete system memory and trigger an out-of-memory kill. This is a classic memory-leak weakness (CWE-772) that can lead to a denial-of-service state affecting the entire host, because the kernel eventually terminates processes or the system.
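The page-ownership gap described above, as an added userspace model (not code from the driver or the fix commit): `run_xdp()` and `rx_packet()` stand in for `emac_run_xdp()` and `emac_rx_packet()`. The fixed-size pool, `MODEL_XDP_PASS` and all function bodies are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define POOL_PAGES 8  /* constructed: stands in for the memory available for RX pages */
enum { XDP_DROP, XDP_PASS };                   /* model verdicts, not kernel values */
enum { MODEL_XDP_PASS, ICSSG_XDP_CONSUMED };   /* MODEL_XDP_PASS is hypothetical */
struct pool { int free_pages; };

static bool pool_alloc(struct pool *p)
{
    if (p->free_pages == 0)
        return false;          /* nothing left: the model's OOM condition */
    p->free_pages--;
    return true;
}
static void pool_recycle(struct pool *p) { p->free_pages++; }

/* Stands in for emac_run_xdp(): reports the drop, releases nothing. */
static int run_xdp(int verdict)
{
    return verdict == XDP_DROP ? ICSSG_XDP_CONSUMED : MODEL_XDP_PASS;
}

/* Stands in for emac_rx_packet(); caller_recycles selects the fixed behaviour. */
static bool rx_packet(struct pool *p, int verdict, bool caller_recycles)
{
    if (!pool_alloc(p))
        return false;
    if (run_xdp(verdict) == ICSSG_XDP_CONSUMED && !caller_recycles)
        return true;           /* leak: the page has no owner left */
    pool_recycle(p);           /* drop (fixed) or pass: page goes back once done */
    return true;
}

/* Receive up to n dropped packets; return how many got a page. */
int dropped_before_exhaustion(int n, bool caller_recycles)
{
    struct pool pool = { POOL_PAGES };
    int handled = 0;
    while (handled < n && rx_packet(&pool, XDP_DROP, caller_recycles))
        handled++;
    return handled;
}

int main(void)
{
    printf("leaky: %d/1000, fixed: %d/1000\n", dropped_before_exhaustion(1000, false), dropped_before_exhaustion(1000, true));
    return 0;
}
```

In the leaky configuration every dropped packet permanently costs one page, so the number of packets needed to exhaust memory scales only with the memory available, which is why sustained dropped traffic ends in OOM.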

Affected Systems

The flaw exists in the Linux kernel’s TI ICSSG PRU Ethernet driver (net:ti:icssg‑prueth). Any Linux kernel release that has not incorporated the patch commit is affected, regardless of distribution. No specific version range is provided, so any kernel before the fix should be considered vulnerable.

Risk and Exploitability

The EPSS score for the vulnerability is below 1%, indicating a low likelihood of exploitation. The CVSS score is 7.5, reflecting high severity. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. To trigger the memory leak, an attacker would need to deliver packets that are processed by an XDP program performing XDP_DROP in standard page-pool mode. The leak occurs in the kernel's own handling of legitimate traffic; it is not a remote code-execution vector.

Generated by OpenCVE AI on April 28, 2026 at 08:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the XDP_DROP memory‑leak fix
  • If an immediate kernel upgrade is not possible, remove or disable XDP programs that drop packets in non‑zero‑copy mode from production traffic
  • Continuously monitor kernel memory usage and system logs for signs of out‑of‑memory conditions



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 04 Apr 2026 01:15:00 +0000


Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Title net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-27T14:02:32.584Z

Reserved: 2026-01-13T15:37:46.020Z

Link: CVE-2026-23453

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-03T16:16:31.820

Modified: 2026-04-27T14:16:33.833

Link: CVE-2026-23453

Redhat

Severity:

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23453 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T09:00:06Z

Weaknesses