CVE-2026-23445

If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported:

[ 883.803618] [ T1554] BUG: unable to handle page fault for address: ffffcfb6200fd008 ... [ 883.803650] [ T1554] Call Trace: [ 883.803652] [ T1554] <TASK> [ 883.803654] [ T1554] igcptptxtstampevent+0xdf/0x160 [igc] [ 883.803660] [ T1554] igctsyncinterrupt+0x2d5/0x300 [igc] ...

During shutdown of the TX ring the xsk_meta pointers are left behind, so that the IRQ handler is trying to touch them.

This issue is now being fixed by cleaning up the stale xsk meta data on TX shutdown. TX timestamps on other queues remain unaffected.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23445.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

15fd021bc4270273d8f4b7f58fdda8a16214a377

Fixed

5e4c90c94eb766d70e30694b7fe66862aabaf24b

Fixed

31521c124e6488c4a81658e35199feb75a988d86

Fixed

b02fa17d1744d19cd3820bdbf6ec5d85547977bf

Fixed

45b33e805bd39f615d9353a7194b2da5281332df

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23445.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.10.0

Fixed

6.12.78

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.20

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23445.json"