CVE-2026-23389

In icesetringparam, txrings and xdprings are allocated before rxrings. If the allocation of rxrings fails, the code jumps to the done label leaking both txrings and xdprings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the freetx label which releases txrings but leaks xdp_rings.

Fix this by introducing a freexdp label and updating the error paths to ensure both xdprings and txrings are properly freed if rxrings allocation or setup fails.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23389.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

fcea6f3da546b93050f3534aadea7bd96c1d7349

Fixed

b23282218eca27b710111460b4964c8a456c6c44

Fixed

63dc317dfcd3faffd082c2bf3080f9ad070273da

Fixed

44ba32a892b72de3faa04b8cfb1f2f1418fdd580

Fixed

fe868b499d16f55bbeea89992edb98043c9de416

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23389.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.17.0

Fixed

6.12.81

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.22

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23389.json"