Cyber Resilience

CVE-2026-23445

High

Published: 03 April 2026

Published
03 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23445 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Deeper analysis

CVE-2026-23445 is a vulnerability in the Linux kernel's igc driver that causes a page fault during XDP TX timestamps handling. The issue arises when an XDP application requesting TX timestamping shuts down while the network interface link remains up, leaving stale xsk_meta pointers in the TX ring. This leads to the IRQ handler attempting to access invalid memory, resulting in a kernel splat such as "BUG: unable to handle page fault." The vulnerability affects the igc driver specifically, with TX timestamps on other queues remaining unaffected. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by running an XDP application that requests TX timestamping and then shutting it down while the interface link is active. The low attack complexity and lack of user interaction requirements make it feasible under these conditions. Successful exploitation triggers a kernel page fault, potentially leading to high impacts on confidentiality, integrity, and availability as scored by CVSS.

Mitigation is provided through kernel patches available in stable repositories, such as the commits at https://git.kernel.org/stable/c/31521c124e6488c4a81658e35199feb75a988d86, https://git.kernel.org/stable/c/45b33e805bd39f615d9353a7194b2da5281332df, https://git.kernel.org/stable/c/5e4c90c94eb766d70e30694b7fe66862aabaf24b, and https://git.kernel.org/stable/c/b02fa17d1744d19cd3820bdbf6ec5d85547977bf. These fixes clean up stale xsk_meta data during TX ring shutdown to prevent the IRQ handler from accessing invalid pointers. Security practitioners should apply the relevant stable kernel updates to affected systems using the igc driver.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still…

more

up the following kernel splat is reported: [ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008 ... [ 883.803650] [ T1554] Call Trace: [ 883.803652] [ T1554] <TASK> [ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc] [ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc] ... During shutdown of the TX ring the xsk_meta pointers are left behind, so that the IRQ handler is trying to touch them. This issue is now being fixed by cleaning up the stale xsk meta data on TX shutdown. TX timestamps on other queues remain unaffected.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel driver flaw directly enables privilege escalation (T1068) via crafted XDP TX timestamp shutdown and system/application DoS through page fault exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31558Same product: Linux Linux Kernel
CVE-2025-21680Same product: Linux Linux Kernel
CVE-2026-31419Same product: Linux Linux Kernel
CVE-2026-23350Same product: Linux Linux Kernel
CVE-2025-21647Same product: Linux Linux Kernel
CVE-2025-21791Same product: Linux Linux Kernel
CVE-2026-31502Same product: Linux Linux Kernel
CVE-2025-21883Same product: Linux Linux Kernel
CVE-2026-31548Same product: Linux Linux Kernel
CVE-2026-31485Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.10, 7.0 · 6.10.1 — 6.12.78 · 6.13 — 6.18.20 · 6.19 — 6.19.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identifying, reporting, and correcting the igc driver flaw by applying kernel patches that clean up stale xsk_meta pointers during TX ring shutdown to prevent page faults.

prevent

Ensures receipt and timely implementation of Linux kernel security advisories and stable updates addressing CVE-2026-23445 in the igc driver.

prevent

Limits kernel functionality by prohibiting or restricting non-essential XDP TX timestamping in the igc driver, avoiding the shutdown scenario that leaves stale pointers.

References