{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23389", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.008Z", "datePublished": "2026-03-25T10:28:06.991Z", "dateUpdated": "2026-03-25T10:28:06.991Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:28:06.991Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_ethtool.c"], "versions": [{"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "44ba32a892b72de3faa04b8cfb1f2f1418fdd580", "status": "affected", "versionType": "git"}, {"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "fe868b499d16f55bbeea89992edb98043c9de416", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_ethtool.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580"}, {"url": "https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416"}], "title": "ice: Fix memory leak in ice_set_ringparam()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}], "id": "CVE-2026-23389", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:39.440", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ice: Fix memory leak in ice_set_ringparam()", "id": "2451263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451263"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-763", "details": ["A flaw was found in the Linux kernel's ice component. During the setup of ring parameters in the `ice_set_ringparam()` function, certain error paths fail to properly deallocate previously allocated memory for transmit and XDP rings. This memory leak can accumulate over time, potentially leading to resource exhaustion and a Denial of Service (DoS) for the system."], "name": "CVE-2026-23389", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23389\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23389\nhttps://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23389-2056@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-03-25T11:51:33.803099+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the fixed implementation of ice_set_ringparam(), or apply the specific patch from commit 44ba32a892b72de3faa04b8cfb1f2f1418fdd580 to the kernel source and rebuild."], "summary": {"action": "Apply Patch", "impact": "Memory Leaks Causing Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "The issue affects all Linux kernels that include the ice driver before the patch was applied. The CNA vendor information lists Linux:Linux, indicating that any distribution using the upstream Linux kernel is impacted. No specific version range is provided, so any kernel that has not incorporated the patch referred to in the commits is vulnerable.", "description_and_impact": "A flaw in the ice network driver causes memory allocated for Tx and XDP rings to be leaked when allocating or initializing Rx rings fails. The missing cleanup can lead to unchecked memory growth on a system that uses the ice driver, potentially degrading performance or resulting in a denial\u2011of\u2011service scenario if the kernel runs out of memory. The vulnerability does not provide an attacker with arbitrary code execution but can affect the stability and availability of the host.", "risk_and_exploitability": "Because the vulnerability is triggered during the normal initialization of the ice network interface, an attacker would need legitimate access to configure or reset such an interface. The exploit is limited to causing resource exhaustion and is unlikely to be remotely triggered without direct device access. The CVSS score is not supplied, and EPSS data are unavailable; the vulnerability is not listed in CISA\u2019s KEV catalog. The risk is therefore considered moderate, primarily impacting availability rather than confidentiality or integrity."}}}}, "created": "2026-03-25T21:31:27.208654+00:00", "updated": "2026-03-25T21:31:27.208700+00:00", "vendors": [], "weaknesses": ["CWE-772", "CWE-401"]}