CVE-2026-23453
Published: 03 April 2026
Summary
CVE-2026-23453 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in the Linux kernel. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-6 (Resource Availability) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-23453 is a memory leak vulnerability in the Linux kernel's icssg-prueth driver (net: ti: icssg-prueth), which handles networking for Texas Instruments ICSSG PRU Ethernet devices. The issue arises in the XDP_DROP path of emac_run_xdp() when operating in non-zero-copy mode (standard page pool mode). Page recycling was removed from that path to avoid conflicts with AF_XDP zero-copy mode, but as a result dropped packets' pages are never returned to the page pool, causing gradual memory exhaustion and potential out-of-memory (OOM) conditions. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Remote attackers can exploit this vulnerability over the network with low complexity and no privileges or user interaction required. By sending traffic that triggers XDP programs dropping packets in non-zero-copy mode, an attacker can repeatedly leak pages, leading to memory exhaustion, invocation of the OOM killer, and potential denial-of-service through system instability or crashes.
The referenced stable kernel commits fix the issue by moving cleanup responsibility to the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path in emac_rx_packet_zc() already handles cleanup correctly via xsk_buff_free(). Security practitioners should apply the stable kernel fixes from these commits: https://git.kernel.org/stable/c/719d3e71691db7c4f1658ba5a6d1472928121594 and https://git.kernel.org/stable/c/d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5.
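The ownership change described above, as an added userspace model (not the kernel driver's code and not the patch): it counts how many packets a fixed-size pool survives when the caller does or does not return the page after a CONSUMED result. The `model_*` names, pool sizes and packet counts are constructed, and the PASS path is assumed to release its page normally.

```c
/* Userspace model of the page-ownership contract; not kernel code. */
#include <stdio.h>

enum model_verdict { MODEL_XDP_PASS, MODEL_XDP_DROP };
enum model_result  { MODEL_RESULT_PASS, MODEL_RESULT_CONSUMED };
struct model_pool  { int free_pages; };

static int pool_get(struct model_pool *p)
{
    if (p->free_pages == 0)
        return -1;              /* pool exhausted: stands in for the OOM condition */
    p->free_pages--;
    return 0;
}
static void pool_put(struct model_pool *p) { p->free_pages++; }

/* Stands in for emac_run_xdp(): reports the verdict, does not free the page. */
static enum model_result model_run_xdp(enum model_verdict v)
{
    return v == MODEL_XDP_DROP ? MODEL_RESULT_CONSUMED : MODEL_RESULT_PASS;
}

/* Stands in for emac_rx_packet(); caller_recycles: 0 = leaking behaviour, 1 = fixed. */
static int model_rx_packet(struct model_pool *p, enum model_verdict v, int caller_recycles)
{
    if (pool_get(p) < 0)
        return -1;
    if (model_run_xdp(v) == MODEL_RESULT_CONSUMED && !caller_recycles)
        return 0;               /* dropped packet's page is never returned */
    pool_put(p);                /* fixed drop path, or PASS path (assumed to release) */
    return 0;
}

/* Packets received before the pool runs dry; packet i is dropped when
 * i % drop_every == 0 (drop_every must be > 0). */
int packets_until_exhaustion(int pool_size, int npackets, int drop_every, int caller_recycles)
{
    struct model_pool pool = { pool_size };
    int i;
    for (i = 0; i < npackets; i++)
        if (model_rx_packet(&pool, i % drop_every == 0 ? MODEL_XDP_DROP : MODEL_XDP_PASS,
                            caller_recycles) < 0)
            break;
    return i;
}

int main(void)
{
    printf("leaking: %d packets, fixed: %d packets\n",
           packets_until_exhaustion(256, 100000, 10, 0),
           packets_until_exhaustion(256, 100000, 10, 1));
    return 0;
}
```

In the model, the leaking variant stalls after a number of packets proportional to pool size divided by drop rate, which is why a low drop rate only delays exhaustion.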
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-18706
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode
Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions.
Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc(), already handles cleanup correctly with xsk_buff_free().
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Memory leak in network driver directly enables remote exploitation for system-wide resource exhaustion and OOM-induced denial of service.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the memory leak vulnerability by requiring timely application of kernel patches that restore page recycling in the icssg-prueth driver's XDP_DROP path for non-zero-copy mode.
Protects memory resource availability through allocation, de-allocation, and exhaustion prevention mechanisms, countering the gradual page pool depletion leading to OOM in the affected driver.
Limits the effects of remote DoS attacks exploiting the memory leak by implementing controls to prevent or mitigate network-induced resource exhaustion.