CVE-2026-23326

In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix fragment node deletion to prevent buffer leak

After commit b692bf9a7543 ("xsk: Get rid of xdp buff xsk::xskb list node"), the list node field is reused for both the xskb pool list and the buffer free list, this causes a buffer leak as described below.

xp free() checks if a buffer is already on the free list using list empty(&xskb->list node). When list del() is used to remove a node from the xskb pool list, it doesn't reinitialize the node pointers. This means list empty() will return false even after the node has been removed, causing xp free() to incorrectly skip adding the buffer to the free list.

Fix this by using list del init() instead of list del() in all fragment handling paths, this ensures the list node is reinitialized after removal, allowing the list empty() to work correctly.