{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23389", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.008Z", "datePublished": "2026-03-25T10:28:06.991Z", "dateUpdated": "2026-05-11T22:05:55.948Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:55.948Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_ethtool.c"], "versions": [{"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "e0c211a0c26159058303712d6b4fbd1c88835e6d", "status": "affected", "versionType": "git"}, {"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "b23282218eca27b710111460b4964c8a456c6c44", "status": "affected", "versionType": "git"}, {"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "63dc317dfcd3faffd082c2bf3080f9ad070273da", "status": "affected", "versionType": "git"}, {"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "44ba32a892b72de3faa04b8cfb1f2f1418fdd580", "status": "affected", "versionType": "git"}, {"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349", "lessThan": "fe868b499d16f55bbeea89992edb98043c9de416", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_ethtool.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.136", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.81", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.6.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.12.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e0c211a0c26159058303712d6b4fbd1c88835e6d"}, {"url": "https://git.kernel.org/stable/c/b23282218eca27b710111460b4964c8a456c6c44"}, {"url": "https://git.kernel.org/stable/c/63dc317dfcd3faffd082c2bf3080f9ad070273da"}, {"url": "https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580"}, {"url": "https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416"}], "title": "ice: Fix memory leak in ice_set_ringparam()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB00FA77-1A3D-4E2C-99B3-4BC4E748DDFF", "versionEndExcluding": "6.12.81", "versionStartIncluding": "4.17.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9DF8BCE-36D3-475D-9D21-19E4F02F9029", "versionEndExcluding": "6.18.22", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.17:-:*:*:*:*:*:*", "matchCriteriaId": "3F438846-FE97-43DC-A655-B5EF8DED552E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nice: Correcci\u00f3n de fuga de memoria en ice_set_ringparam()\n\nEn ice_set_ringparam, tx_rings y xdp_rings se asignan antes de rx_rings. Si la asignaci\u00f3n de rx_rings falla, el c\u00f3digo salta a la etiqueta done provocando una fuga tanto de tx_rings como de xdp_rings. Adem\u00e1s, si la configuraci\u00f3n de un anillo Rx individual falla durante el bucle, el c\u00f3digo salta a la etiqueta free_tx, que libera tx_rings pero provoca una fuga de xdp_rings.\n\nEsto se corrige introduciendo una etiqueta free_xdp y actualizando las rutas de error para asegurar que tanto xdp_rings como tx_rings se liberen correctamente si la asignaci\u00f3n o configuraci\u00f3n de rx_rings falla.\n\nProbado solo en compilaci\u00f3n. Problema encontrado utilizando una herramienta prototipo de an\u00e1lisis est\u00e1tico y revisi\u00f3n de c\u00f3digo."}], "id": "CVE-2026-23389", "lastModified": "2026-04-27T14:16:30.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:39.440", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/63dc317dfcd3faffd082c2bf3080f9ad070273da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b23282218eca27b710111460b4964c8a456c6c44"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e0c211a0c26159058303712d6b4fbd1c88835e6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ice: Fix memory leak in ice_set_ringparam()", "id": "2451263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451263"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-763", "details": ["A flaw was found in the Linux kernel's ice component. During the setup of ring parameters in the `ice_set_ringparam()` function, certain error paths fail to properly deallocate previously allocated memory for transmit and XDP rings. This memory leak can accumulate over time, potentially leading to resource exhaustion and a Denial of Service (DoS) for the system."], "name": "CVE-2026-23389", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23389\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23389\nhttps://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23389-2056@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[fcea6f3da546b93050f3534aadea7bd96c1d7349,44ba32a892b72de3faa04b8cfb1f2f1418fdd580)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[fcea6f3da546b93050f3534aadea7bd96c1d7349,fe868b499d16f55bbeea89992edb98043c9de416)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.17"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.17)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T09:05:21.160179+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that contains the committed patch.", "Apply the patch manually if running a custom kernel; the patch is available at the provided Git refs.", "Reboot the system after updating to ensure the new driver is loaded and memory leaks are fixed.", "If updating is delayed, monitor kernel memory usage and consider disabling the ICE driver if the network interface is not needed."], "summary": {"action": "Apply Patch", "impact": "Resource Exhaustion / Denial of Service via memory leak"}, "threat_synthesis": {"affected_systems": "All Linux kernels that include the vulnerable ice driver code, such as the mainline kernel series prior to the application of the fix. The issue affects drivers for Intel\u2019s ICE network interface controller. No explicit version boundaries are supplied in the advisory, so any kernel with the unpatched code is potentially affected.", "description_and_impact": "The vulnerability is a memory leak in the ice network device driver that occurs during ring parameter configuration. When allocation of rx rings fails or a ring setup fails, the driver fails to free previously allocated tx and xdp rings, causing memory to remain allocated in kernel space. This uncontrolled memory consumption can lead to kernel memory exhaustion, potentially resulting in a denial of service or degraded performance. The weakness is a code/resource deallocation problem (CWE\u2011763) and a memory leak (CWE\u2011401).", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score below 1\u202f% shows a low probability of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires privilege to invoke ice_set_ringparam, which is generally accessible to processes with sufficient capabilities or root. The likely attack path therefore appears to be a local privilege or kernel\u2011module escalation scenario rather than a remote trigger. Given the moderate score, low exploit likelihood, and the fact that the defect relates only to resource management, the overall risk remains moderate, but can pose a denial\u2011of\u2011service threat under sustained abuse."}}}}, "created": "2026-03-25T21:31:27.208654+00:00", "updated": "2026-04-28T09:15:09.681482+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}