{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23453", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.020Z", "datePublished": "2026-04-03T15:15:35.549Z", "dateUpdated": "2026-05-11T22:07:17.046Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:07:17.046Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode\n\nPage recycling was removed from the XDP_DROP path in emac_run_xdp() to\navoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free()\ninstead.\n\nHowever, this causes a memory leak when running XDP programs that drop\npackets in non-zero-copy mode (standard page pool mode). The pages are\nnever returned to the page pool, leading to OOM conditions.\n\nFix this by handling cleanup in the caller, emac_rx_packet().\nWhen emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the\ncaller now recycles the page back to the page pool. The zero-copy\npath, emac_rx_packet_zc() already handles cleanup correctly with\nxsk_buff_free()."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ti/icssg/icssg_common.c"], "versions": [{"version": "7a64bb388df3cf091afdd047c701039a13acd3b4", "lessThan": "d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5", "status": "affected", "versionType": "git"}, {"version": "7a64bb388df3cf091afdd047c701039a13acd3b4", "lessThan": "719d3e71691db7c4f1658ba5a6d1472928121594", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ti/icssg/icssg_common.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5"}, {"url": "https://git.kernel.org/stable/c/719d3e71691db7c4f1658ba5a6d1472928121594"}], "title": "net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode\n\nPage recycling was removed from the XDP_DROP path in emac_run_xdp() to\navoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free()\ninstead.\n\nHowever, this causes a memory leak when running XDP programs that drop\npackets in non-zero-copy mode (standard page pool mode). The pages are\nnever returned to the page pool, leading to OOM conditions.\n\nFix this by handling cleanup in the caller, emac_rx_packet().\nWhen emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the\ncaller now recycles the page back to the page pool. The zero-copy\npath, emac_rx_packet_zc() already handles cleanup correctly with\nxsk_buff_free()."}], "id": "CVE-2026-23453", "lastModified": "2026-04-27T14:16:33.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-04-03T16:16:31.820", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/719d3e71691db7c4f1658ba5a6d1472928121594"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode", "id": "2454825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454825"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's net: ti: icssg-prueth network driver. When XDP (eXpress Data Path) programs drop packets in non-zero-copy mode, memory pages are not properly returned to the system's page pool. This memory leak can lead to Out of Memory (OOM) conditions, causing a Denial of Service (DoS) on the affected system."], "name": "CVE-2026-23453", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23453\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23453\nhttps://lore.kernel.org/linux-cve-announce/2026040317-CVE-2026-23453-c4f8@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7a64bb388df3cf091afdd047c701039a13acd3b4,d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7a64bb388df3cf091afdd047c701039a13acd3b4,719d3e71691db7c4f1658ba5a6d1472928121594)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T08:53:23.301858+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a release that includes the XDP_DROP memory\u2011leak fix", "If an immediate kernel upgrade is not possible, remove or disable XDP programs that drop packets in non\u2011zero\u2011copy mode from production traffic", "Continuously monitor kernel memory usage and system logs for signs of out\u2011of\u2011memory conditions"], "summary": {"action": "Patch", "impact": "Denial of Service (Out\u2011of\u2011Memory)"}, "threat_synthesis": {"affected_systems": "The flaw exists in the Linux kernel\u2019s TI ICSSG PRU Ethernet driver (net:ti:icssg\u2011prueth). Any Linux kernel release that has not incorporated the patch commit is affected, regardless of distribution. No specific version range is provided, so any kernel before the fix should be considered vulnerable.", "description_and_impact": "When XDP programs drop packets in non\u2011zero\u2011copy mode, the driver no longer recycles the associated page buffers, causing a memory leak that can deplete system memory and trigger an out\u2011of\u2011memory kill. This represents a classic memory\u2011leak weakness (CWE\u2011772) that can lead to a denial\u2011of\u2011service state affecting the entire host because the kernel eventually terminates processes or the system.", "risk_and_exploitability": "The EPSS score for the vulnerability is below 1\u202f%, indicating a low likelihood of exploitation. The CVSS score is 7.5, reflecting a high severity. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker would need to deliver packets that are processed by an XDP program performing XDP_DROP in standard page\u2011pool mode to trigger the memory leak. Exploitation requires local kernel execution via legitimate traffic rather than a remote code\u2011execution vector."}}}}, "created": "2026-04-03T21:13:45.123386+00:00", "updated": "2026-04-28T09:00:06.532045+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}