VYPR
Medium severity5.5NVD Advisory· Published Mar 25, 2026· Updated Jun 1, 2026

CVE-2026-23389

CVE-2026-23389

Description

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix memory leak in ice_set_ringparam()

In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the allocation of rx_rings fails, the code jumps to the done label leaking both tx_rings and xdp_rings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the free_tx label which releases tx_rings but leaks xdp_rings.

Fix this by introducing a free_xdp label and updating the error paths to ensure both xdp_rings and tx_rings are properly freed if rx_rings allocation or setup fails.

Compile tested only. Issue found using a prototype static analysis tool and code review.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Linux/Kernel10 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.17.1,<6.12.81
    • cpe:2.3:o:linux:linux_kernel:4.17:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
    • (no CPE)
  • osv-coords
    Range: >= 4.17.0, < 6.19.7

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.