CVE-2026-23453
Received - Intake
Memory Leak in Linux Kernel ICSSG XDP_DROP Non-Zero-Copy Mode

Publication date: 2026-04-03

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode

Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions.

Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc(), already handles cleanup correctly with xsk_buff_free().
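
The ownership rule the description relies on, as an added user-space model (not the icssg-prueth driver code and not part of the original advisory): once the XDP helper stops recycling on drop, the caller has to return the page. All `model_*` and `pool_*` names are hypothetical, and the fixed page budget is an assumption that stands in for system memory.

```c
/* User-space model only; hypothetical names, not kernel or driver code. */
#include <stdbool.h>
#include <stdio.h>

#define PAGE_BUDGET 8   /* constructed: small budget standing in for system memory */

enum model_verdict { MODEL_XDP_PASS, MODEL_XDP_CONSUMED };
struct pool { int free_pages; };

static bool pool_get(struct pool *p)
{
    if (p->free_pages == 0)
        return false;               /* nothing left: the model's "OOM" */
    p->free_pages--;
    return true;
}

static void pool_put(struct pool *p) { p->free_pages++; }

/* Models emac_run_xdp() after recycling was removed from the drop path:
 * it only reports the verdict and never touches the page. */
static enum model_verdict model_run_xdp(bool prog_drops)
{
    return prog_drops ? MODEL_XDP_CONSUMED : MODEL_XDP_PASS;
}

/* Models emac_rx_packet(); returns false when no RX page can be obtained. */
static bool model_rx_packet(struct pool *p, bool prog_drops, bool caller_recycles)
{
    if (!pool_get(p))
        return false;
    if (model_run_xdp(prog_drops) == MODEL_XDP_CONSUMED) {
        if (caller_recycles)
            pool_put(p);            /* the fix: caller returns the dropped page */
        return true;                /* without it, the page is never returned */
    }
    pool_put(p);                    /* PASS: model the stack releasing the page */
    return true;
}

/* Send n packets that the XDP program drops; count how many are handled
 * before the page budget is exhausted. */
int packets_before_exhaustion(int n, bool caller_recycles)
{
    struct pool p = { PAGE_BUDGET };
    int i;
    for (i = 0; i < n; i++)
        if (!model_rx_packet(&p, true, caller_recycles))
            break;
    return i;
}
```

With the caller not recycling, the model stops after exactly `PAGE_BUDGET` dropped packets; with the caller recycling, every packet is handled.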
Meta Information
Published: 2026-04-03
Last Modified: 2026-04-27
Generated: 2026-05-07
AI Q&A: 2026-04-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's network code, in the icssg-prueth driver (net: ti: icssg-prueth). Specifically, it involves a memory leak in the XDP_DROP path when operating in non-zero-copy mode (standard page pool mode).

The issue arises because pages that are dropped by XDP programs are not properly returned to the page pool, causing memory to be leaked. This happens because page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with zero-copy mode, but the cleanup was not handled correctly for non-zero-copy mode.

The fix involves ensuring that when emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller function emac_rx_packet() recycles the page back to the page pool, preventing the memory leak.


How can this vulnerability impact me?

This vulnerability can lead to a memory leak in systems running the affected Linux kernel network driver in non-zero-copy mode with XDP programs that drop packets.

Over time, the leaked memory accumulates because pages are not returned to the page pool, which can cause the system to run out of memory (OOM conditions). This can degrade system performance, cause instability, or even lead to crashes.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the memory leak in the XDP_DROP path for non-zero-copy mode in the icssg-prueth driver.

The fix ensures that pages dropped by XDP programs in non-zero-copy mode are properly recycled back to the page pool, preventing out-of-memory conditions caused by the leak.

