CVE-2026-23453
Description
In the Linux kernel, the following vulnerability has been resolved:
net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode
Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead.
However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions.
Fix this by handling cleanup in the caller, emac_rx_packet(). When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the caller now recycles the page back to the page pool. The zero-copy path, emac_rx_packet_zc(), already handles cleanup correctly with xsk_buff_free().
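The buffer-ownership rule in the description above, as an added userspace model (not the driver's code and not taken from the kernel commits). Only emac_run_xdp, emac_rx_packet and ICSSG_XDP_CONSUMED are names from this page; the fixed-size counter standing in for available memory and every other name are assumptions.

```c
/* Userspace model, not driver code. emac_run_xdp, emac_rx_packet and
 * ICSSG_XDP_CONSUMED are named in the advisory; the rest is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define MEM_PAGES 8   /* constructed: stands in for memory available for RX */
enum { ICSSG_XDP_PASS, ICSSG_XDP_CONSUMED };

/* Shared by both RX paths, so it does not release the buffer: the
 * zero-copy caller frees with xsk_buff_free(), not via the page pool. */
static int emac_run_xdp(bool prog_drops)
{
    return prog_drops ? ICSSG_XDP_CONSUMED : ICSSG_XDP_PASS;
}

/* Page-pool RX path; caller_recycles=false is the leaking behaviour. */
static bool emac_rx_packet(int *free_pages, bool prog_drops, bool caller_recycles)
{
    if (*free_pages == 0)
        return false;               /* nothing left to back an RX buffer */
    (*free_pages)--;                /* page taken for this packet */
    if (emac_run_xdp(prog_drops) == ICSSG_XDP_CONSUMED && !caller_recycles)
        return true;                /* nobody owns the page any more: leak */
    (*free_pages)++;                /* fix: caller recycles (PASS modelled as freed at once) */
    return true;
}

/* Feed n dropped packets; return how many were handled before exhaustion. */
static int run_drops(int n, bool caller_recycles, int *pages_left)
{
    int free_pages = MEM_PAGES, handled = 0;

    while (handled < n && emac_rx_packet(&free_pages, true, caller_recycles))
        handled++;
    *pages_left = free_pages;
    return handled;
}

int main(void)
{
    int left, handled;

    handled = run_drops(1000, false, &left);
    printf("caller does not recycle: handled=%d free=%d\n", handled, left);
    handled = run_drops(1000, true, &left);
    printf("caller recycles:         handled=%d free=%d\n", handled, left);
    return 0;
}
```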
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in Linux kernel's ICSSG PRUETH driver when XDP_DROP is used in non-zero-copy mode, leading to OOM.
Vulnerability
A memory leak vulnerability exists in the Linux kernel's ICSSG PRUETH driver (net: ti: icssg-prueth) when XDP_DROP is used in non-zero-copy mode. The root cause is that page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this removal causes pages to never be returned to the page pool in standard page pool mode, leading to gradual memory exhaustion.
Exploitation
An attacker can trigger this vulnerability by sending network packets that are processed by an XDP program using the drop action on a system running the affected driver. No authentication is required; the attacker only needs network access to send packets to the vulnerable interface. Each dropped packet leaks one page, and over time this depletes available memory.
Impact
Successful exploitation results in a denial of service (DoS) due to out-of-memory (OOM) conditions. The system may become unresponsive or crash as memory is exhausted.
Mitigation
The fix is implemented in Linux kernel stable commits. Commits [1] and [2] modify emac_rx_packet() to recycle the page back to the page pool when emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP. The zero-copy path (emac_rx_packet_zc()) already handles cleanup correctly. Users should apply the latest stable kernel updates to remediate the vulnerability.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.