CVE-2026-23326

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s xsk module related to fragment node deletion. A buffer leak can occur because the list node field is reused for both the xskb pool list and the buffer free list. Specifically, after a commit (b692bf9a7543), the list del() function was used to remove nodes from the xskb pool list without reinitializing the node pointers. This caused the list empty() function to incorrectly return false, preventing buffers from being added to the free list. The issue is addressed by using list del init() instead of list del() in fragment handling paths, ensuring proper reinitialization of list nodes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.