1. Home
  2. Vulnerabilities
  3. CVE-2026-23326
0.0
NA
CVE-2026-23326
xsk: Fix fragment node deletion to prevent buffer leak
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix fragment node deletion to prevent buffer leak After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"), the list_node field is reused for both the xskb pool list and the buffer free list, this causes a buffer leak as described below. xp_free() checks if a buffer is already on the free list using list_empty(&xskb->list_node). When list_del() is used to remove a node from the xskb pool list, it doesn't reinitialize the node pointers. This means list_empty() will return false even after the node has been removed, causing xp_free() to incorrectly skip adding the buffer to the free list. Fix this by using list_del_init() instead of list_del() in all fragment handling paths, this ensures the list node is reinitialized after removal, allowing the list_empty() to work correctly.

Details
INFO

Published Date :

March 25, 2026, 11:16 a.m.

Last Modified :

March 25, 2026, 11:16 a.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-23326 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Reinitialize list node pointers after removal to prevent buffer leaks.
  • Use list_del_init() instead of list_del().
  • Ensure fragment handling paths use the corrected function.
  • Apply kernel updates that include this fix.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-23326.

URL Resource
https://git.kernel.org/stable/c/2a9ea988465ece5b6896b1bdc144170a64e84c35
https://git.kernel.org/stable/c/5172adf9efb8298a52f4dcdc3f98d4d9d1e06a6d
https://git.kernel.org/stable/c/60abb0ac11dccd6b98fd9182bc5f85b621688861
https://git.kernel.org/stable/c/645c6d8376ad4913cbffe0e0c2cca0c4febbe596
https://git.kernel.org/stable/c/b38cbd4af5034635cff109e08788c63f956f3a69
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-23326 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-23326 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-23326 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-23326 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 25, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: xsk: Fix fragment node deletion to prevent buffer leak After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"), the list_node field is reused for both the xskb pool list and the buffer free list, this causes a buffer leak as described below. xp_free() checks if a buffer is already on the free list using list_empty(&xskb->list_node). When list_del() is used to remove a node from the xskb pool list, it doesn't reinitialize the node pointers. This means list_empty() will return false even after the node has been removed, causing xp_free() to incorrectly skip adding the buffer to the free list. Fix this by using list_del_init() instead of list_del() in all fragment handling paths, this ensures the list node is reinitialized after removal, allowing the list_empty() to work correctly.
    Added Reference https://git.kernel.org/stable/c/2a9ea988465ece5b6896b1bdc144170a64e84c35
    Added Reference https://git.kernel.org/stable/c/5172adf9efb8298a52f4dcdc3f98d4d9d1e06a6d
    Added Reference https://git.kernel.org/stable/c/60abb0ac11dccd6b98fd9182bc5f85b621688861
    Added Reference https://git.kernel.org/stable/c/645c6d8376ad4913cbffe0e0c2cca0c4febbe596
    Added Reference https://git.kernel.org/stable/c/b38cbd4af5034635cff109e08788c63f956f3a69
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.