CVE-2025-39948: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39948 was disclosed on October 4, 2025, affecting the Linux kernel. The vulnerability specifically involves a page leak issue in the ice driver's handling of multi-buffer frames. The issue occurs in the iceputrx_mbuf() function, which is responsible for managing buffer handling in the network driver (NVD).

The vulnerability stems from improper handling of descriptors with size 0 in the iceputrxmbuf() function. When the hardware posts a descriptor with size 0, the logic breaks as these descriptors are skipped and not added as fragments in iceaddxdpfrag. Since the buffer isn't counted as a fragment, it's not iterated over in iceputrxmbuf(), resulting in iceputrxbuf() not being called. This leads to the page not being freed or reused, causing a stale page in the ring. The issue primarily occurs with jumbo frames used by 9K MTU (NVD).

The vulnerability results in memory leaks specifically for multi-buffer frames in the Linux kernel's ice driver. Single-buffer frames are not affected as the iceputrx_mbuf() function always handles at least one buffer correctly. The leak occurs when handling certain network packets, particularly with jumbo frames using 9K MTU (NVD).

The fix involves modifying iceputrxmbuf() to ensure iceputrxbuf() is called on all buffers between firstdesc and nexttoclean. The solution borrows logic from a similar function in i40e and applies it to icegetpgcnts(). The patch also includes improvements to handle pagecntbias adjustments for non-linear frames and optimization of xdp_xmit handling (NVD).