Description

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the allocation of rx_rings fails, the code jumps to the done label leaking both tx_rings and xdp_rings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the free_tx label which releases tx_rings but leaks xdp_rings. Fix this by introducing a free_xdp label and updating the error paths to ensure both xdp_rings and tx_rings are properly freed if rx_rings allocation or setup fails. Compile tested only. Issue found using a prototype static analysis tool and code review.

INFO

Published Date :

2026-03-25T10:28:06.991Z

Last Modified :

2026-04-27T13:56:14.982Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23389 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23389.

URL Resource
https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580 cve-icon cve-icon
https://git.kernel.org/stable/c/63dc317dfcd3faffd082c2bf3080f9ad070273da cve-icon cve-icon
https://git.kernel.org/stable/c/b23282218eca27b710111460b4964c8a456c6c44 cve-icon cve-icon
https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23389-2056@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23389 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23389 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact