CVE-2026-23445
Description
In the Linux kernel, the following vulnerability has been resolved:
igc: fix page fault in XDP TX timestamps handling
If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported:
[ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008 ... [ 883.803650] [ T1554] Call Trace: [ 883.803652] [ T1554] [ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc] [ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc] ...
During shutdown of the TX ring the xsk_meta pointers are left behind, so that the IRQ handler is trying to touch them.
This issue is now being fixed by cleaning up the stale xsk meta data on TX shutdown. TX timestamps on other queues remain unaffected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's igc driver, a page fault occurs during XDP TX timestamp handling when an XDP application shuts down while the interface link is still up, due to stale xsk_meta pointers left behind after TX ring shutdown.
Vulnerability
Description
CVE-2026-23445 is a vulnerability in the Linux kernel's igc (Intel Gigabit Ethernet) driver. The root cause is that during shutdown of a TX ring, the xsk_meta pointers are not cleaned up, leaving stale references. When an XDP application that requested TX timestamping shuts down while the network interface link is still up, the interrupt handler (igc_tsync_interrupt) attempts to access these stale pointers, leading to a page fault [1][2].
Exploitation
Conditions
An attacker would need to be able to trigger the specific race condition where an XDP application with TX timestamping enabled is terminated while the interface remains operational. This requires local access to the system and the ability to run XDP programs that request hardware timestamps. The vulnerability manifests as a kernel crash (oops) due to the page fault, which can be used to cause a denial of service [3].
Impact
Successful exploitation results in a kernel panic or system crash, leading to a denial of service. The crash is triggered in the interrupt context, making the system unstable and potentially causing data loss or service interruption. The vulnerability does not appear to allow privilege escalation or arbitrary code execution based on the available information [4].
Mitigation
The fix involves cleaning up the stale xsk_meta data during TX ring shutdown, ensuring that the interrupt handler does not attempt to access invalid pointers. The patch has been applied to the stable kernel tree. Users should update their kernel to a version containing the fix (commit 31521c124e64 or equivalent) to mitigate the vulnerability [1][2][3][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.10.1,<6.12.78
- cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.