PT-2025-40644 · Linux+3 · Linux Kernel+3
Published: 2025-10-04 · Updated: 2026-05-07
CVE-2025-39948
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel ice driver contains a flaw in the ice_put_rx_mbuf() function that can lead to a memory leak when handling multi-buffer frames. Specifically, if the hardware posts a descriptor with a size of 0, the function fails to properly manage buffer accounting, resulting in pages not being freed and potentially being recycled incorrectly. This issue occurs because the function does not call ice_put_rx_buf() for all buffers, leaving stale pages in the ring. The problem is more common with "jumbo frames" using 9K MTU. The fix involves modifying the loop logic in ice_put_rx_mbuf() and ice_get_pgcnts() to ensure all buffers are processed correctly, and adjusting how pagecnt_bias is handled for non-linear frames. Additionally, the code was modified to remove the xdp_xmit pointer argument from ice_put_rx_mbuf() and move the increment of the ntc local variable to ensure it is updated before calls to ice_get_pgcnts() or ice_put_rx_mbuf(). The number of fragments in the rx ring is no longer cached.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
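The buffer-accounting problem from the Description, as a simplified user-space model added here for illustration; it is not code from the ice driver. The struct, the function names and the sample sizes are hypothetical, and it assumes the pre-fix loop was bounded by a cached fragment count that skips zero-size descriptors.

```c
#include <stdio.h>
#define RING_SIZE 8
/* Hypothetical stand-in for one Rx ring slot; not the driver's structure. */
struct rx_buf { int page_held; };   /* 1 = page not yet released */
static struct rx_buf ring[RING_SIZE];

/* Post n descriptors starting at first. Returns the fragment count a cached
 * counter would hold: buffers after the head that actually carried data. */
static int receive_frame(int first, const int *sizes, int n)
{
    int nr_frags = 0;
    for (int i = 0; i < n; i++) {
        ring[(first + i) % RING_SIZE].page_held = 1;
        if (i > 0 && sizes[i] > 0)
            nr_frags++;              /* size-0 descriptor adds no fragment */
    }
    return nr_frags;
}

/* Assumed pre-fix shape: release the head buffer plus nr_frags buffers. */
static void put_bufs_by_frag_count(int first, int nr_frags)
{
    for (int i = 0; i <= nr_frags; i++)
        ring[(first + i) % RING_SIZE].page_held = 0;
}

/* Post-fix shape: release every buffer from first up to next-to-clean. */
static void put_bufs_to_ntc(int first, int ntc)
{
    for (int i = first; i != ntc; i = (i + 1) % RING_SIZE)
        ring[i].page_held = 0;
}

/* Returns how many pages stay stranded in the ring after one frame (n < RING_SIZE). */
static int leaked_pages(int use_fix, int first, const int *sizes, int n)
{
    int leaked = 0, ntc = (first + n) % RING_SIZE;
    int nr_frags = receive_frame(first, sizes, n);
    if (use_fix) put_bufs_to_ntc(first, ntc);
    else         put_bufs_by_frag_count(first, nr_frags);
    for (int i = 0; i < RING_SIZE; i++) { leaked += ring[i].page_held; ring[i].page_held = 0; }
    return leaked;
}

int main(void)
{
    const int jumbo[] = { 4096, 4096, 0 };  /* constructed: last descriptor has size 0 */
    printf("pre-fix: %d leaked, post-fix: %d leaked\n", leaked_pages(0, 6, jumbo, 3), leaked_pages(1, 6, jumbo, 3));
}
```

On a host running this driver, the corresponding symptom to watch for is memory use that grows steadily under sustained jumbo-frame receive traffic.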
Exploit
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Suse
Ubuntu