CVE-2026-23453Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents7 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 93.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this causes a memory leak when running XDP programs that drop packets in non-zero-copy mode (standard page pool mode). The pages are never returned to the page pool, leading to OOM conditions. F

Affected Packages2 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux7a64bb388df3cf091afdd047c701039a13acd3b4d16d57dedcb69c1a1257e0638f8698ce1f0ccbe5+2

🔴Vulnerability Details

3
OSV
CVE-2026-23453: In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode Page rec2026-04-03
GHSA
GHSA-h255-j2q2-5hrg: In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode Page r2026-04-03
CVEList
net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode2026-04-03
Debian
CVE-2026-23453: linux - In the Linux kernel, the following vulnerability has been resolved: net: ti: ic...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23453 Impact, Exploitability, and Mitigation Steps | Wiz