Description
In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode

Page recycling was removed from the XDP_DROP path in emac_run_xdp() to
avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free()
instead.

However, this causes a memory leak when running XDP programs that drop
packets in non-zero-copy mode (standard page pool mode). The pages are
never returned to the page pool, leading to OOM conditions.

Fix this by handling cleanup in the caller, emac_rx_packet().
When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the
caller now recycles the page back to the page pool. The zero-copy
path, emac_rx_packet_zc(), already handles cleanup correctly with
xsk_buff_free().
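
The ownership rule the fix restores, shown as an added user-space model in C. This is not the driver's code: every `model_` name, the pool size and the alternating drop pattern are assumptions made for illustration. The XDP stage only reports a drop, and the page-pool caller is the one that returns the page.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: model_* names are hypothetical, not driver symbols. */
#define POOL_SIZE 8
enum model_verdict { MODEL_PASS, MODEL_CONSUMED };
struct model_pool { int free_pages; };

/* Take one page for an incoming frame; false once the pool is empty. */
static bool model_alloc(struct model_pool *p)
{
    if (p->free_pages == 0)
        return false;
    p->free_pages--;
    return true;
}

static void model_recycle(struct model_pool *p) { p->free_pages++; }

/* XDP stage: reports a drop as CONSUMED and frees nothing itself, so the
 * same stage can serve both page-pool and zero-copy callers. */
static enum model_verdict model_run_xdp(bool drop)
{
    return drop ? MODEL_CONSUMED : MODEL_PASS;
}

/* Page-pool RX path; every second frame is dropped (constructed pattern).
 * caller_recycles=false models the leak, true models the fixed caller.
 * Returns how many of n frames could be given a page. */
int model_rx(struct model_pool *p, int n, bool caller_recycles)
{
    int handled = 0;
    for (int i = 0; i < n; i++) {
        if (!model_alloc(p))
            break;                  /* pool exhausted: RX stalls */
        handled++;
        if (model_run_xdp(i % 2 == 0) == MODEL_CONSUMED && !caller_recycles)
            continue;               /* leak: nobody returns the dropped page */
        model_recycle(p);           /* caller returns the page (PASS simplified) */
    }
    return handled;
}

int main(void)
{
    struct model_pool leaky = { POOL_SIZE }, fixed = { POOL_SIZE };
    printf("leaky caller: %d of 100 frames\n", model_rx(&leaky, 100, false));
    printf("fixed caller: %d of 100 frames\n", model_rx(&fixed, 100, true));
    return 0;
}
```
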
Published: 2026-04-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Page recycling was removed from the XDP_DROP path of the Texas Instruments ICSSG PRU Ethernet driver, so in non-zero-copy (standard page pool) mode the page buffers used by dropped packets are never returned to the page pool. The resulting memory leak can grow until the kernel runs out of memory and the out-of-memory killer terminates processes or the entire system. The weakness is a missing release of memory after its effective lifetime (CWE-401), which is a specific case of missing release of a resource after its effective lifetime (CWE-772). The consequence is a denial of service that affects the host as a whole.

Affected Systems

The issue resides in the Linux kernel’s net:ti:icssg‑prueth driver. Any Linux kernel build that predates the patch commit is vulnerable; the CPE list includes kernel releases from 7.0 release candidates up to and including 7.0 rc4. Because no specific patch version range is supplied, all kernels released before the affected commit should be considered at risk.

Risk and Exploitability

The EPSS score of less than 1% indicates a low likelihood of exploitation, but the CVSS score of 7.5 denotes high severity. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. The inferred attack scenario is the injection of malicious packets that reach an XDP program performing a drop in standard page-pool mode; this inference is drawn from the description of the driver behavior and is not explicitly stated in the CVE record. Successful exploitation would require that the host process the offending network traffic, leading to a memory leak and an eventual out-of-memory condition.

Generated by OpenCVE AI on May 26, 2026 at 17:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the XDP_DROP memory‑leak fix (apply the patch referenced in the CVE commit).
  • If an immediate kernel upgrade cannot be performed, disable or remove XDP programs that perform XDP_DROP in non‑zero‑copy mode on the affected interfaces, or disable XDP entirely for those interfaces.
  • Continuously monitor system memory usage and kernel logs for signs of out‑of‑memory conditions and configure alerting for sudden memory spikes.


Advisories

No advisories yet.

History

Tue, 26 May 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 04 Apr 2026 01:15:00 +0000


Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions. Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc() already handles cleanup correctly with xsk_buff_free().
Title net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:07:17.046Z

Reserved: 2026-01-13T15:37:46.020Z

Link: CVE-2026-23453

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T16:16:31.820

Modified: 2026-05-26T14:50:24.220

Link: CVE-2026-23453

Redhat

Severity :

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23453 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-26T17:15:10Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime