CVE-2026-23326

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xsk: Fix fragment node deletion to prevent buffer leak<br /> <br /> After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"),<br /> the list_node field is reused for both the xskb pool list and the buffer<br /> free list, this causes a buffer leak as described below.<br /> <br /> xp_free() checks if a buffer is already on the free list using<br /> list_empty(&amp;xskb-&gt;list_node). When list_del() is used to remove a node<br /> from the xskb pool list, it doesn&amp;#39;t reinitialize the node pointers.<br /> This means list_empty() will return false even after the node has been<br /> removed, causing xp_free() to incorrectly skip adding the buffer to the<br /> free list.<br /> <br /> Fix this by using list_del_init() instead of list_del() in all fragment<br /> handling paths, this ensures the list node is reinitialized after removal,<br /> allowing the list_empty() to work correctly.