Skip to main content

Linux EUVDEUVD-2026-18690

| CVE-2026-23445 HIGH
2026-04-03 Linux GHSA-w2hf-gr87-g9jg
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
Severity Changed
Apr 27, 2026 - 14:22 NVD
MEDIUM HIGH
CVSS changed
Apr 27, 2026 - 14:22 NVD
5.5 (MEDIUM) 7.8 (HIGH)
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
45b33e805bd39f615d9353a7194b2da5281332df,5e4c90c94eb766d70e30694b7fe66862aabaf24b,31521c124e6488c4a81658e35199feb75a988d86
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18690
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

igc: fix page fault in XDP TX timestamps handling

If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported:

[ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008 ... [ 883.803650] [ T1554] Call Trace: [ 883.803652] [ T1554] <TASK> [ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc] [ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc] ...

During shutdown of the TX ring the xsk_meta pointers are left behind, so that the IRQ handler is trying to touch them.

This issue is now being fixed by cleaning up the stale xsk meta data on TX shutdown. TX timestamps on other queues remain unaffected.

AnalysisAI

Kernel page fault in Intel IGC network driver XDP TX timestamp handling allows local denial of service when an XDP application requesting TX timestamping shuts down while the interface link remains active. The vulnerability stems from stale xsk_meta pointers left in memory after TX ring shutdown, causing the IRQ handler to dereference invalid kernel addresses and trigger a kernel panic. This affects Linux kernel versions in the igc driver and requires no special privileges or network access, only the ability to run XDP programs on an affected system.

Technical ContextAI

The Intel igc network driver (cpe:2.3:a:linux:linux) implements XDP (eXpress Data Path) support with TX packet timestamping capability for precision packet transmission timing. XDP programs can request hardware TX timestamps, which are handled asynchronously by the igc_ptp_tx_tstamp_event() interrupt handler. The vulnerability exists in the interaction between XDP socket metadata (xsk_meta) and TX ring lifecycle management. When an XDP application shuts down its TX ring while the interface link remains up, the driver fails to properly clean up xsk_meta pointers. Subsequently, when hardware TX timestamp events occur, the igc_tsync_interrupt() handler invokes igc_ptp_tx_tstamp_event() to process pending timestamps, which attempts to dereference stale xsk_meta pointers that have been freed or unmapped by the application, resulting in an unhandled page fault that crashes the kernel.

RemediationAI

Upgrade the Linux kernel to a version containing one of the upstream fixes identified in the kernel.org stable repository (commits 5e4c90c94eb766d70e30694b7fe66862aabaf24b, 31521c124e6488c4a81658e35199feb75a988d86, b02fa17d1744d19cd3820bdbf6ec5d85547977bf, or 45b33e805bd39f615d9353a7194b2da5281332df). These patches clean up stale xsk_meta data during TX ring shutdown, preventing the page fault when interrupt handlers attempt to access freed memory. As a temporary workaround for systems unable to immediately patch, disable XDP TX timestamping on igc interfaces or ensure XDP applications gracefully shut down before the interface link is brought down. Consult your Linux distribution's kernel update mechanism to obtain patched kernel versions; stable kernel branches and distribution-specific backports should incorporate these fixes.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18690 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy