CVE-2026-23389

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23389
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23389.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23389
Downstream
Published
2026-03-25T10:28:06.991Z
Modified
2026-04-02T13:12:23.806180Z
Summary
ice: Fix memory leak in ice_set_ringparam()
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix memory leak in icesetringparam()

In icesetringparam, txrings and xdprings are allocated before rxrings. If the allocation of rxrings fails, the code jumps to the done label leaking both txrings and xdprings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the freetx label which releases txrings but leaks xdp_rings.

Fix this by introducing a freexdp label and updating the error paths to ensure both xdprings and txrings are properly freed if rxrings allocation or setup fails.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23389.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fcea6f3da546b93050f3534aadea7bd96c1d7349
Fixed
44ba32a892b72de3faa04b8cfb1f2f1418fdd580
Fixed
fe868b499d16f55bbeea89992edb98043c9de416

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23389.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.17.0
Fixed
6.19.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23389.json"