PatchSiren cyber security CVE debrief
CVE-2026-23453 Linux CVE debrief
A memory leak vulnerability exists in the Texas Instruments ICSSG PRU Ethernet driver (icssg-prueth) within the Linux kernel. The flaw occurs in the XDP_DROP path when operating in non-zero-copy mode (standard page pool mode). A previous change removed page recycling from emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() for cleanup. However, this removal inadvertently caused pages to never be returned to the page pool when XDP programs drop packets in standard mode, leading to memory exhaustion and potential OOM conditions. The vulnerability affects Linux kernel versions 6.19 through 6.19.9 and 7.0 release candidates 1 through 4. The fix moves page recycling responsibility to the caller function emac_rx_packet(), which now properly returns pages to the pool when emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP operations. The zero-copy path (emac_rx_packet_zc()) already handles cleanup correctly and was not affected.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-03
- Original CVE updated: 2026-05-26
- Advisory published: 2026-04-03
- Advisory updated: 2026-05-26
Who should care
Organizations running Linux kernel 6.19.x or 7.0-rc series on systems with Texas Instruments ICSSG PRU Ethernet hardware, particularly those deploying XDP programs that drop packets (XDP_DROP action). This includes industrial automation systems, embedded networking devices, and any infrastructure utilizing TI Sitara processors with PRU-ICSSG Ethernet offload. System administrators and kernel maintainers responsible for memory-constrained embedded systems should prioritize this fix due to the potential for rapid memory exhaustion under network load.
Technical summary
The icssg-prueth driver in the Linux kernel contains a memory leak in its XDP (eXpress Data Path) handling code. Specifically, when an XDP program returns XDP_DROP in non-zero-copy mode, the page containing the packet data is not recycled back to the page pool. This occurs because page recycling was previously removed from emac_run_xdp() to accommodate AF_XDP zero-copy mode's use of xsk_buff_free(). The fix relocates page recycling to the caller emac_rx_packet(), which now handles returning pages to the pool when ICSSG_XDP_CONSUMED is returned. The zero-copy path emac_rx_packet_zc() was unaffected as it already uses xsk_buff_free() correctly. Affected versions include Linux 6.19.0-6.19.9 and 7.0-rc1 through 7.0-rc4. The vulnerability can lead to OOM conditions under sustained network traffic with XDP_DROP programs.
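The leak pattern described above, as an added example that is not the kernel driver's code: a small C model of a page pool and a receive path written in the two shapes the advisory describes, the regressed caller that trusts emac_run_xdp() to have freed the page, and the fixed caller that recycles the page itself when ICSSG_XDP_CONSUMED comes back. The pool, page and helper names (pool_alloc, pool_recycle, drive_rx, emac_rx_packet_leaky, emac_rx_packet_fixed, run_xdp_prog) are constructed stand-ins; XDP_DROP, ICSSG_XDP_CONSUMED and the emac_* names come from the advisory, and the real page_pool, xdp_buff and AF_XDP handling is not reproduced.

```c
/* Simplified model of the CWE-401 leak in the icssg-prueth XDP_DROP path.
 * Constructed for illustration: the pool, page and verdict types below are
 * stand-ins, not the kernel's page_pool / xdp_buff machinery. */
#include <stddef.h>
#include <stdio.h>

#define POOL_PAGES 8                       /* constructed: tiny pool so exhaustion is quick */

enum xdp_action { XDP_DROP = 1, XDP_PASS = 2 };                      /* subset of the real verdicts */
enum icssg_xdp_ret { ICSSG_XDP_PASS = 0, ICSSG_XDP_CONSUMED = 1 };   /* names from the advisory */

struct page { int in_use; };

struct page_pool {
    struct page pages[POOL_PAGES];
    int free_count;
};

static void pool_init(struct page_pool *pool)
{
    for (int i = 0; i < POOL_PAGES; i++)
        pool->pages[i].in_use = 0;
    pool->free_count = POOL_PAGES;
}

/* Hand out a free page, or NULL when the pool is exhausted. */
static struct page *pool_alloc(struct page_pool *pool)
{
    for (int i = 0; i < POOL_PAGES; i++) {
        if (!pool->pages[i].in_use) {
            pool->pages[i].in_use = 1;
            pool->free_count--;
            return &pool->pages[i];
        }
    }
    return NULL;
}

/* Return a page to the pool (models page_pool recycling). */
static void pool_recycle(struct page_pool *pool, struct page *page)
{
    page->in_use = 0;
    pool->free_count++;
}

/* Stand-in for the attached BPF program: a filter that drops everything. */
static int run_xdp_prog(void)
{
    return XDP_DROP;
}

/* Shape of emac_run_xdp() after recycling was removed from it: on XDP_DROP it
 * reports ICSSG_XDP_CONSUMED and leaves the page to the caller, so the
 * zero-copy caller can use xsk_buff_free() instead of the page pool. */
static enum icssg_xdp_ret emac_run_xdp_model(void)
{
    if (run_xdp_prog() == XDP_DROP)
        return ICSSG_XDP_CONSUMED;
    return ICSSG_XDP_PASS;
}

/* Regressed non-zero-copy caller: assumes the page was already freed. */
static void emac_rx_packet_leaky(struct page_pool *pool, struct page *page)
{
    (void)pool;
    (void)page;
    if (emac_run_xdp_model() == ICSSG_XDP_CONSUMED)
        return;                        /* page never returns to the pool: the leak */
    /* XDP_PASS path (skb construction) omitted from the model */
}

/* Fixed caller, in the shape the advisory describes: recycle on CONSUMED. */
static void emac_rx_packet_fixed(struct page_pool *pool, struct page *page)
{
    if (emac_run_xdp_model() == ICSSG_XDP_CONSUMED) {
        pool_recycle(pool, page);      /* page goes back to the pool */
        return;
    }
}

/* Push n dropped packets through a caller. Returns the pages still free
 * afterwards, or -1 if the pool ran dry first (models the OOM outcome). */
static int drive_rx(void (*rx)(struct page_pool *, struct page *), int n)
{
    struct page_pool pool;
    pool_init(&pool);
    for (int i = 0; i < n; i++) {
        struct page *page = pool_alloc(&pool);
        if (!page)
            return -1;
        rx(&pool, page);
    }
    return pool.free_count;
}

int main(void)
{
    printf("leaky caller after 100 drops: %d\n", drive_rx(emac_rx_packet_leaky, 100));
    printf("fixed caller after 100 drops: %d\n", drive_rx(emac_rx_packet_fixed, 100));
    return 0;
}
```

With an 8-page pool the leaky caller exhausts it on the ninth dropped packet, while the fixed caller ends every run with all pages free; on real hardware the pool is far larger, which is why the advisory describes the symptom as gradual memory exhaustion under sustained XDP_DROP traffic rather than an immediate failure.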
Defensive priority
HIGH
Recommended defensive actions
- Apply the relevant kernel patch from the stable kernel tree to affected systems running Linux kernel versions 6.19.0 through 6.19.9 or 7.0-rc1 through 7.0-rc4
- If immediate patching is not feasible, consider disabling XDP programs on affected icssg-prueth interfaces or migrating to zero-copy mode if hardware and use case permit
- Monitor system memory usage on affected systems running XDP_DROP programs for signs of memory exhaustion
- Upgrade to Linux kernel 6.19.10 or later, or 7.0-rc5 or later, which contain the fix
- Review XDP program deployments on TI ICSSG PRU Ethernet hardware to assess exposure to this memory leak condition
Evidence notes
The vulnerability description indicates this was a regression introduced when page recycling was removed from the XDP_DROP path in emac_run_xdp(). The fix involves handling cleanup in the caller emac_rx_packet() when ICSSG_XDP_CONSUMED is returned for XDP_DROP operations. Two patch commits are referenced. CPE criteria specify affected versions: Linux kernel 6.19.0 through 6.19.9, and 7.0-rc1 through 7.0-rc4. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network attack vector with low complexity, no privileges required, no user interaction, and high availability impact. CWE-401 (Missing Release of Memory after Effective Lifetime) is the assigned weakness.
Official resources
- CVE-2026-23453 CVE record (CVE.org)
- CVE-2026-23453 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
2026-04-03T16:16:31.820Z