{ "threat_severity" : "Moderate", "public_date" : "2026-04-03T00:00:00Z", "bugzilla" : { "description" : "kernel: igc: fix page fault in XDP TX timestamps handling", "id" : "2454804", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2454804" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "draft" }, "cwe" : "CWE-459", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nigc: fix page fault in XDP TX timestamps handling\nIf an XDP application that requested TX timestamping is shutting down\nwhile the link of the interface in use is still up the following kernel\nsplat is reported:\n[ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008\n...\n[ 883.803650] [ T1554] Call Trace:\n[ 883.803652] [ T1554] \n[ 883.803654] [ T1554] igc_ptp_tx_tstamp_event+0xdf/0x160 [igc]\n[ 883.803660] [ T1554] igc_tsync_interrupt+0x2d5/0x300 [igc]\n...\nDuring shutdown of the TX ring the xsk_meta pointers are left behind, so\nthat the IRQ handler is trying to touch them.\nThis issue is now being fixed by cleaning up the stale xsk meta data on\nTX shutdown. TX timestamps on other queues remain unaffected.", "A flaw was found in the Linux kernel's igc network driver. When an XDP (eXpress Data Path) application that requests transmit (TX) timestamping is shut down while the network interface link remains active, the driver fails to properly clear stale `xsk_meta` pointers. This improper cleanup can lead to a page fault, potentially causing a system crash and resulting in a Denial of Service (DoS)." ], "statement" : "The fault happens in the interrupt path when TX timestamp metadata outlives ring teardown. Only hosts using Intel IGC with XDP TX timestamping hit this path. Normal networking without that feature combination is unaffected.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23445\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23445\nhttps://lore.kernel.org/linux-cve-announce/2026040315-CVE-2026-23445-d003@gregkh/T" ], "name" : "CVE-2026-23445", "mitigation" : { "value" : "To mitigate this issue, prevent the igc module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.", "lang" : "en:us" }, "csaw" : false }