PT-2026-52324 · Linux · Linux

Published 2026-06-25 · Updated 2026-06-25 · CVE-2026-53229

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
In the XSK branch of mlx5e_xmit_xdp_buff(), when sq->xmit_xdp_frame() returns false (e.g. XDPSQ is full), the function returns without unmapping the DMA address or freeing the xdp_frame allocated by xdp_convert_zc_to_xdp_frame(). The xdpi_fifo push only happens on success, so the completion path cannot recover these entries.
With CONFIG_DMA_API_DEBUG=y, the leak surfaces on driver unbind:
  DMA-API: pci 0000:08:00.0: device driver has pending DMA allocations while released from device [count=1116]
  One of leaked entries details: [device address=0x000000010ffd7028] [size=1534 bytes] [mapped with DMA_TO_DEVICE] [mapped as phy]
  WARNING: kernel/dma/debug.c:881 at dma_debug_device_change+0x127/0x180
  ...
  DMA-API: Mapped at:
   debug_dma_map_phys+0x4b/0xd0
   dma_map_phys+0xfd/0x2d0
   mlx5e_xdp_handle+0x5ae/0xac0 [mlx5_core]
   mlx5e_xsk_skb_from_cqe_mpwrq_linear+0xc4/0x170 [mlx5_core]
   mlx5e_handle_rx_cqe_mpwrq+0xc1/0x290 [mlx5_core]
Add the missing unmap + xdp_return_frame, matching the cleanup already done in mlx5e_xdp_xmit(). has_frags is rejected earlier in this branch, so no per-frag unmap is needed.
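The leak pattern described above, as an added userspace model that is not the mlx5 driver's code or the upstream patch: counters stand in for the DMA-debug accounting, and every function and struct name is hypothetical. It shows why the completion path cannot reclaim entries that were never pushed to the FIFO, and that cleaning up on the failed-xmit branch brings the pending count to zero.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace model; every name here is hypothetical, not mlx5 code. */
static int live_maps, live_frames;      /* what dma-debug would still see pending */

struct frame { int len; };              /* stands in for struct xdp_frame */
struct sq { int free_slots, fifo_len; struct frame *fifo[8]; };  /* slots <= 8 */

static struct frame *frame_alloc(int len)  /* models the zero-copy to frame conversion */
{
    struct frame *f = malloc(sizeof(*f));
    if (f) { f->len = len; live_frames++; }
    return f;
}
static void frame_release(struct frame *f) { free(f); live_frames--; }

static bool sq_xmit(struct sq *sq)         /* false once the send queue is full */
{
    if (sq->free_slots == 0) return false;
    sq->free_slots--;
    return true;
}

static bool xsk_xmit(struct sq *sq, int len, bool fixed)
{
    struct frame *f = frame_alloc(len);
    if (!f) return false;
    live_maps++;                           /* DMA mapping created for the device */
    if (!sq_xmit(sq)) {
        if (fixed) { live_maps--; frame_release(f); }  /* the missing cleanup */
        return false;                      /* unfixed: f and its mapping are orphaned */
    }
    sq->fifo[sq->fifo_len++] = f;          /* tracked for completion only on success */
    return true;
}

static int leaked_after(int packets, int slots, bool fixed)
{
    struct sq sq = { .free_slots = slots };
    live_maps = live_frames = 0;
    for (int i = 0; i < packets; i++) xsk_xmit(&sq, 1534, fixed);
    while (sq.fifo_len > 0) {              /* completion path: sees fifo entries only */
        live_maps--; frame_release(sq.fifo[--sq.fifo_len]);
    }
    return live_maps;                      /* mappings nobody can unmap any more */
}

int main(void)
{
    printf("unfixed: %d  fixed: %d\n", leaked_after(10, 4, false), leaked_after(10, 4, true));
    return 0;
}
```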

Related Identifiers

CVE-2026-53229

Affected Products

Linux