Skip to main content

Linux CVE-2026-23389

| EUVDEUVD-2026-15390 MEDIUM
Memory Leak (CWE-401)
2026-03-25 Linux GHSA-4r22-fj9f-vv8r
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15390
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:28 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix memory leak in ice_set_ringparam()

In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the allocation of rx_rings fails, the code jumps to the done label leaking both tx_rings and xdp_rings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the free_tx label which releases tx_rings but leaks xdp_rings.

Fix this by introducing a free_xdp label and updating the error paths to ensure both xdp_rings and tx_rings are properly freed if rx_rings allocation or setup fails.

Compile tested only. Issue found using a prototype static analysis tool and code review.

AnalysisAI

A memory leak vulnerability exists in the Linux kernel's ice driver in the ice_set_ringparam() function, where dynamically allocated tx_rings and xdp_rings are not properly freed when subsequent rx_rings allocation or setup fails. This affects all Linux kernel versions with the vulnerable ice driver code path, and while memory leaks typically enable denial of service through resource exhaustion rather than direct code execution, the impact depends on exploitation frequency and system memory constraints. No active exploitation or proof-of-concept has been publicly disclosed; the vulnerability was discovered through static analysis and code review rather than in-the-wild detection.

Technical ContextAI

The vulnerability resides in the Intel ice Ethernet driver (affected via CPE cpe:2.3:a:linux:linux), specifically in the ring parameter configuration function that manages transmit rings (tx_rings), receive rings (rx_rings), and XDP (eXpress Data Path) rings. The root cause is a control flow issue classified under improper resource cleanup (related to CWE-401 Missing Release of Memory after Effective Lifetime), where multiple allocation paths lack proper error handling and rollback logic. When ice_set_ringparam() attempts to allocate tx_rings and xdp_rings sequentially followed by rx_rings, a failure in rx_rings allocation or during rx ring setup loops causes execution to jump to error labels that do not free all previously allocated resources, leaving xdp_rings orphaned in memory. The vulnerability requires intimate knowledge of Linux kernel ring buffer management and affects any system using the ice driver for network interface configuration.

RemediationAI

Apply the official Linux kernel patch by upgrading to a kernel version that includes commit 44ba32a892b72de3faa04b8cfb1f2f1418fdd580 or the stable branch commit fe868b499d16f55bbeea89992edb98043c9de416, available via https://git.kernel.org/stable/. Alternatively, contact your distribution vendor (Red Hat, Canonical, SUSE, etc.) for a patched kernel package for your specific release. For systems unable to patch immediately, mitigate by restricting access to ethtool ring parameter configuration commands via filesystem permissions or SELinux policies to prevent unprivileged users from triggering the allocation path repeatedly. Monitor system memory usage on affected systems for signs of unexplained memory consumption if ring parameter reconfigurations are frequent.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23389 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy