CVE-2026-23122 Overview
A vulnerability has been resolved in the Linux kernel's igc (Intel I225/I226 Ethernet Controller) driver related to Time-Sensitive Networking (TSN) TX packet buffer configuration. The previous buffer allocation of 7 KB per queue caused TX unit hangs under heavy timestamping load conditions. This issue affects systems utilizing TSN functionality on Intel I225 and I226 network controllers, potentially leading to denial of service conditions when the network interface becomes unresponsive.
Critical Impact
Systems running affected Linux kernel versions with Intel I225/I226 network controllers may experience TX unit hangs and network interface unavailability under heavy TSN timestamping workloads, causing denial of service conditions.
Affected Products
- Linux kernel with igc driver (Intel I225/I226 Ethernet Controllers)
- Systems utilizing Time-Sensitive Networking (TSN) functionality
- Devices with Intel I225 or I226 network interface controllers
Discovery Timeline
- 2026-02-14 - CVE-2026-23122 published to NVD
- 2026-02-18 - Last updated in NVD database
Technical Details for CVE-2026-23122
Vulnerability Analysis
The vulnerability exists within the igc driver's TSN TX packet buffer configuration. The driver previously allocated 7 KB per queue for TSN TX packet buffering, which proved insufficient to handle heavy timestamping loads. Under stress conditions, this configuration caused the TX unit to hang, effectively rendering the network interface non-functional.
The fix reduces the TSN TX packet buffer from 7 KB to 5 KB per queue, which aligns with the TSN recommendations specified in the Intel I225/I226 Software User Manual Section 7.5.4. This change frees approximately 8 KB of buffer space which remains currently unused. The reduction is not expected to impact throughput performance, as the Intel i226 controller is PCIe-limited for small TSN packets rather than TX-buffer-limited.
Root Cause
The root cause of this vulnerability is an improper buffer size configuration in the igc driver. The 7 KB per queue allocation exceeded the optimal buffer size recommended by Intel for TSN operations, creating conditions where the TX unit could become overwhelmed and hang when processing heavy timestamping workloads. The buffer size did not conform to the vendor's documented specifications in the I225/I226 SW User Manual.
Attack Vector
This vulnerability primarily manifests as a local denial of service condition. An attacker or heavy workload scenario capable of generating significant TSN timestamping traffic could trigger the TX unit hang condition. The attack vector involves:
- Identifying systems with Intel I225/I226 network controllers running affected kernel versions
- Generating heavy TSN timestamping load to the affected interface
- Causing the TX unit to hang, resulting in network interface unavailability
The vulnerability can be triggered through legitimate high-load TSN operations or potentially through crafted network traffic designed to maximize timestamping operations.
Detection Methods for CVE-2026-23122
Indicators of Compromise
- Network interface unavailability or unresponsiveness on Intel I225/I226 controllers
- System logs showing TX unit hang messages related to the igc driver
- Timestamping operations failing or timing out
- Network performance degradation during TSN operations
Detection Strategies
- Monitor kernel logs for igc driver error messages indicating TX unit hangs
- Track network interface availability and responsiveness on affected hardware
- Implement alerting for sudden network interface failures on systems with I225/I226 controllers
- Review system logs for patterns of network interface resets or recoveries
Monitoring Recommendations
- Enable detailed logging for the igc driver module
- Monitor network interface statistics for anomalies in TX queue behavior
- Implement network health checks for systems utilizing TSN functionality
- Track kernel version and driver versions across affected infrastructure
How to Mitigate CVE-2026-23122
Immediate Actions Required
- Update the Linux kernel to a patched version containing the fix
- Review systems for Intel I225/I226 network controllers that may be affected
- Monitor affected systems for signs of TX unit hang conditions
- Consider reducing TSN timestamping load on vulnerable systems until patching is complete
Patch Information
The vulnerability has been resolved through kernel patches that reduce the TSN TX packet buffer from 7 KB to 5 KB per queue. The patches are available through the Linux kernel stable tree:
Organizations should apply these patches through their standard kernel update procedures or wait for their Linux distribution to release updated kernel packages.
Workarounds
- Reduce TSN timestamping workload on affected systems to minimize risk of triggering the vulnerability
- Consider temporarily disabling TSN functionality if it is not critical for operations
- Implement network redundancy to maintain connectivity if the primary interface becomes unavailable
- Monitor affected interfaces closely and implement automated recovery procedures
# Check if your system has an affected Intel I225/I226 controller
lspci | grep -i "I225\|I226"
# Check the currently loaded igc driver version
modinfo igc | grep -E "^(version|srcversion)"
# Monitor for TX hang issues in kernel logs
dmesg | grep -i "igc\|tx.*hang"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
