Description
In the Linux kernel, the following vulnerability has been resolved:

ice: Fix memory leak in ice_set_ringparam()

In ice_set_ringparam, tx_rings and xdp_rings are allocated before
rx_rings. If the allocation of rx_rings fails, the code jumps to
the done label leaking both tx_rings and xdp_rings. Furthermore, if
the setup of an individual Rx ring fails during the loop, the code jumps
to the free_tx label which releases tx_rings but leaks xdp_rings.

Fix this by introducing a free_xdp label and updating the error paths to
ensure both xdp_rings and tx_rings are properly freed if rx_rings
allocation or setup fails.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Resource Exhaustion / Denial of Service via memory leak
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a memory leak in the ice network device driver that occurs during ring parameter configuration. When allocation of rx rings fails or a ring setup fails, the driver fails to free previously allocated tx and xdp rings, causing memory to remain allocated in kernel space. This uncontrolled memory consumption can lead to kernel memory exhaustion, potentially resulting in a denial of service or degraded performance. The weakness is a code/resource deallocation problem (CWE‑763).
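The error paths walked through in the description, reduced to a user-space model. This is an added example, not the ice driver's code: `ring_alloc`, `ring_free`, `leaked` and the fault-injection parameters are hypothetical, while the variable and label names follow the description.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model, not ice driver code: counting allocator with fault injection. */
static int live, nalloc, fail_alloc;

static void *ring_alloc(void)
{
    void *p = ++nalloc == fail_alloc ? NULL : malloc(64);
    live += p != NULL;
    return p;
}
static void ring_free(void *p) { free(p); live--; }

/* fixed=0: error paths as described before the patch; fixed=1: with free_xdp. */
/* Returns how many allocations are still live after one call (0 means no leak). */
static int leaked(int fixed, int alloc_fault, int setup_fault)
{
    void *tx_rings, *xdp_rings, *rx_rings;

    live = nalloc = 0;
    fail_alloc = alloc_fault;       /* 1-based index of the allocation that fails */
    if (!(tx_rings = ring_alloc()))
        goto done;
    if (!(xdp_rings = ring_alloc()))
        goto free_tx;
    if (!(rx_rings = ring_alloc())) {
        if (fixed) goto free_xdp;
        goto done;                  /* pre-patch: leaks tx_rings and xdp_rings */
    }
    for (int i = 0; i < 4; i++) {
        if (i != setup_fault)
            continue;               /* Rx ring i set up without error */
        ring_free(rx_rings);
        if (fixed) goto free_xdp;
        goto free_tx;               /* pre-patch: leaks xdp_rings */
    }
    ring_free(rx_rings);            /* success: the model frees instead of installing */
free_xdp:
    ring_free(xdp_rings);
free_tx:
    ring_free(tx_rings);
done:
    return live;
}

int main(void)
{
    printf("pre-patch leaks %d and %d, fixed leaks %d and %d\n",
           leaked(0, 3, -1), leaked(0, 0, 2), leaked(1, 3, -1), leaked(1, 0, 2));
    return 0;
}
```

Because the labels fall through in order, the label an error path jumps to determines exactly which earlier allocations get released.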

Affected Systems

All Linux kernels that include the vulnerable ice driver code, such as the mainline kernel series prior to the application of the fix. The issue affects drivers for Intel’s ICE network interface controller. No explicit version boundaries are supplied in the advisory, so any kernel with the unpatched code is potentially affected.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score below 1% shows a low probability of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires the privilege to invoke ice_set_ringparam, which is generally accessible to processes with sufficient capabilities or root. The likely attack path therefore appears to be a local privilege or kernel-module escalation scenario rather than a remote trigger. Given the moderate score, low exploit likelihood, and the fact that the defect relates only to resource management, the overall risk remains moderate, but the defect can pose a denial-of-service threat under sustained abuse.

Generated by OpenCVE AI on March 26, 2026 at 14:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the committed patch.
  • Apply the patch manually if running a custom kernel; the patch is available at the provided Git refs.
  • Reboot the system after updating to ensure the new driver is loaded and memory leaks are fixed.
  • If updating is delayed, monitor kernel memory usage and consider disabling the ICE driver if the network interface is not needed.


Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-772

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-763
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-772

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the allocation of rx_rings fails, the code jumps to the done label leaking both tx_rings and xdp_rings. Furthermore, if the setup of an individual Rx ring fails during the loop, the code jumps to the free_tx label which releases tx_rings but leaks xdp_rings. Fix this by introducing a free_xdp label and updating the error paths to ensure both xdp_rings and tx_rings are properly freed if rx_rings allocation or setup fails. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title ice: Fix memory leak in ice_set_ringparam()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-03-25T10:28:06.991Z

Reserved: 2026-01-13T15:37:46.008Z

Link: CVE-2026-23389

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:39.440

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23389

Redhat

Severity : Low

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23389 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:47:17Z

Weaknesses