CVE-2026-23389
MEDIUMLinux kernel - Memory Leak in ice_set_ringparam()
Title source: manualDescription
In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the allocation of rx_rings fails, the code jumps to the done label leaking both tx_rings and xdp_rings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the free_tx label which releases tx_rings but leaks xdp_rings. Fix this by introducing a free_xdp label and updating the error paths to ensure both xdp_rings and tx_rings are properly freed if rx_rings allocation or setup fails. Compile tested only. Issue found using a prototype static analysis tool and code review.
References (6)
Core 6
Core References
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (19)
linux/Kernel
4.17.0 - 6.19.7linux
Linux/Linux
< 4.17
Linux/Linux
4.17
Linux/Linux
6.1.175 - 6.1.*
Linux/Linux
6.12.81 - 6.12.*
Linux/Linux
6.18.22 - 6.18.*
Linux/Linux
6.19.7 - 6.19.*
Linux/Linux
6.6.136 - 6.6.*
Linux/Linux
7.0
Linux/Linux
7.0-rc3
... and 9 more
Published
Mar 25, 2026
Tracked Since
Mar 25, 2026