CVE-2026-23389Release of Invalid Pointer or Reference in Linux

CWE-763Release of Invalid Pointer or Reference9 documents8 sources
Severity
6.2MEDIUM
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the allocation of rx_rings fails, the code jumps to the done label leaking both tx_rings and xdp_rings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the free_tx label which releases tx_rings but leaks xdp_rings. Fix this by introducing a free_xdp label and up

Affected Packages3 packages

Linuxlinux/linux_kernel4.17.06.19.7
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxfcea6f3da546b93050f3534aadea7bd96c1d7349b23282218eca27b710111460b4964c8a456c6c44+4

🔴Vulnerability Details

4
CVEList
ice: Fix memory leak in ice_set_ringparam()2026-03-25
OSV
ice: Fix memory leak in ice_set_ringparam()2026-03-25
OSV
CVE-2026-23389: In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp2026-03-25
GHSA
GHSA-4r22-fj9f-vv8r: In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and x2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: ice: Fix memory leak in ice_set_ringparam()2026-03-25
Microsoft
ice: Fix memory leak in ice_set_ringparam()2026-03-10
Debian
CVE-2026-23389: linux - In the Linux kernel, the following vulnerability has been resolved: ice: Fix me...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23389 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23389 — Linux vulnerability | cvebase