CVE-2026-23453
Analyzed Analyzed - Analysis Complete
Memory Leak in Linux Kernel ICSSG XDP_DROP Non-Zero-Copy Mode

Publication date: 2026-04-03

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions. Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc() already handles cleanup correctly with xsk_buff_free().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23453
EUVD
EUVD-2026-18706
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's network code related to the ti: icssg-prueth driver. Specifically, it involves a memory leak in the XDP_DROP path when operating in non-zero-copy mode (standard page pool mode).

The issue arises because pages that are dropped by XDP programs are not properly returned to the page pool, causing memory to be leaked. This happens because page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with zero-copy mode, but the cleanup was not handled correctly for non-zero-copy mode.

The fix involves ensuring that when emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller function emac_rx_packet() recycles the page back to the page pool, preventing the memory leak.

Impact Analysis

This vulnerability can lead to a memory leak in systems running the affected Linux kernel network driver in non-zero-copy mode with XDP programs that drop packets.

Over time, the leaked memory accumulates because pages are not returned to the page pool, which can cause the system to run out of memory (OOM conditions). This can degrade system performance, cause instability, or even lead to crashes.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the memory leak in the XDP_DROP path for non-zero-copy mode in the icssg-prueth driver.

The fix ensures that pages dropped by XDP programs in non-zero-copy mode are properly recycled back to the page pool, preventing out-of-memory conditions caused by the leak.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23453. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart