diff --git a/components/heap/test/test_corruption_check.c b/components/heap/test/test_corruption_check.c
index 9c4dd47eb2..3bd5575a0d 100644
--- a/components/heap/test/test_corruption_check.c
+++ b/components/heap/test/test_corruption_check.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Unlicense OR CC0-1.0
  */
@@ -66,3 +66,53 @@ TEST_CASE("multi_heap poisoning detection", "[heap]")
         TEST_ASSERT_TRUE(is_heap_ok);
     }
 }
+
+#if !defined(CONFIG_HEAP_TLSF_USE_ROM_IMPL)
+
+#ifdef CONFIG_HEAP_TASK_TRACKING
+#define HEAD_CANARY_OFFSET  3 // head canary | task tracking | allocated size
+#else
+#define HEAD_CANARY_OFFSET  2 // head canary | allocated size
+#endif // CONFIG_HEAP_TASK_TRACKING
+
+#define TAIL_CANARY_OFFSET 1
+
+/* This test will corrupt the canary of a allocated memory block and call the
+ * heap_caps_check_integrity() function to check that the corruption is detected.
+ */
+TEST_CASE("canary corruption in light or comprehensive poisoning mode", "[heap]")
+{
+    const uint8_t allocation_size = 1 * sizeof(uint32_t);
+    /* malloc some memory to get a pointer */
+    uint32_t *ptr = heap_caps_malloc(allocation_size, MALLOC_CAP_DEFAULT);
+    TEST_ASSERT_NOT_NULL(ptr);
+
+    /* corrupt the head canary */
+    uint32_t canary = ptr[-HEAD_CANARY_OFFSET];
+    ptr[-HEAD_CANARY_OFFSET] = 0xdeadbeef;
+
+    /* call the integrity check function and verify that it returns 0 (corruption detected) */
+    bool is_corrupted = !heap_caps_check_integrity(MALLOC_CAP_DEFAULT, false);
+    TEST_ASSERT_TRUE(is_corrupted);
+
+    /* fix the head canary */
+    ptr[-HEAD_CANARY_OFFSET] = canary;
+
+    /* re run the corruption check to make sure the function returns no corruption */
+    is_corrupted = !heap_caps_check_integrity(MALLOC_CAP_DEFAULT, false);
+    TEST_ASSERT_FALSE(is_corrupted);
+
+    /* corrupt tail canary */
+    canary = ptr[TAIL_CANARY_OFFSET];
+    ptr[TAIL_CANARY_OFFSET] = 0xdeadbeef;
+
+    /* call the integrity check function and verify that it returns 0 (corruption detected) */
+    is_corrupted = !heap_caps_check_integrity(MALLOC_CAP_DEFAULT, false);
+    TEST_ASSERT_TRUE(is_corrupted);
+
+    /* clear the corruption and free the pointer before returning */
+    ptr[TAIL_CANARY_OFFSET] = canary;
+    heap_caps_free(ptr);
+}
+
+#endif // !CONFIG_HEAP_TLSF_USE_ROM_IMPL
diff --git a/components/heap/tlsf b/components/heap/tlsf
index 8c9cd0517a..d2e28f8724 160000
--- a/components/heap/tlsf
+++ b/components/heap/tlsf
@@ -1 +1 @@
-Subproject commit 8c9cd0517adf99e363812e9a295dfe3898fdd345
+Subproject commit d2e28f872472ffc6a704faae65ddee1f24e2dfba