Skip to main content

Linux CVE-2026-23453

| EUVDEUVD-2026-18706 HIGH
Memory Leak (CWE-401)
2026-04-03 Linux GHSA-h255-j2q2-5hrg
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
CVSS changed
Apr 27, 2026 - 14:22 NVD
7.5 (HIGH)
Patch available
Apr 16, 2026 - 05:29 EUVD
719d3e71691db7c4f1658ba5a6d1472928121594
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18706
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode

Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead.

However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions.

Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc() already handles cleanup correctly with xsk_buff_free().

AnalysisAI

Memory leak in Linux kernel's TI ICSSG PRU Ethernet driver XDP_DROP path causes page pool exhaustion and out-of-memory conditions on systems using XDP packet dropping in non-zero-copy mode. The vulnerability affects all Linux kernel versions with the vulnerable icssg-prueth driver code; page recycling was incorrectly removed from the XDP_DROP handler to support AF_XDP zero-copy mode, but this created a resource leak in standard mode. No active exploitation identified; this is a kernel stability and denial-of-service issue affecting embedded and edge systems using TI PRU Ethernet hardware.

Technical ContextAI

The Linux kernel's TI ICSSG PRU Ethernet driver (icssg-prueth) manages packet processing through XDP (eXpress Data Path) programs with two operational modes: standard page pool allocation and AF_XDP zero-copy mode. The vulnerability resides in the emac_run_xdp() function's XDP_DROP handling path. In zero-copy mode, AF_XDP uses xsk_buff_free() to return buffer ownership to user-space; however, page recycling was removed from the XDP_DROP path to avoid conflicts with this mechanism. This caused the non-zero-copy (standard page pool) path to lose page return logic entirely, meaning dropped packets in standard mode leave their page allocations unreturned. The fix implements conditional cleanup at the caller level (emac_rx_packet()) to distinguish between zero-copy and non-zero-copy contexts-when emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the standard path now recycles the page back to the kernel's page pool allocator via page_pool_recycle_direct() or similar APIs, while emac_rx_packet_zc() maintains its xsk_buff_free() semantics for user-space buffers.

RemediationAI

Apply the upstream Linux kernel fix by updating to a kernel version containing commits d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5 or 719d3e71691db7c4f1658ba5a6d1472928121594 from stable kernel trees. These commits restore page pool recycling logic in the XDP_DROP path at the emac_rx_packet() caller level, ensuring pages are returned to the pool in standard (non-zero-copy) mode while preserving AF_XDP zero-copy semantics. Check your distribution's stable kernel release schedule for backported versions; major distributions (Debian, Ubuntu, RHEL, OpenWrt) should include this fix in their next LTS or stable updates. Interim mitigation: disable XDP packet dropping or switch to user-space packet filtering if XDP cannot be disabled, though this reduces performance. Refer to https://git.kernel.org/stable/c/d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5 and https://git.kernel.org/stable/c/719d3e71691db7c4f1658ba5a6d1472928121594 for commit details and stable branch availability.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy