CVE-2026-46129
Published: May 28, 2026
Modified: Jun 1, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info() -> btrfs_sysfs_add_space_info_type() -> kobject_init_and_add() -> failure -> kobject_put(&space_info->kobj) -> space_info_release() -> kfree(space_info) Then control returns to create_space_info(): btrfs_sysfs_add_space_info_type() returns error -> goto out_free -> kfree(space_info) This causes a double free. Keep the direct kfree(space_info) for the earlier failure path, but after btrfs_sysfs_add_space_info_type() has called kobject_put(), let the kobject release callback handle the cleanup.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 20e8f2de3688082eeafeb93c8900485b7542457e - < ae6d6e31ceb72b7697c28a528e4923c08e3c2ef5affected 58208907c4044a764dbd8896026283905da6d9be - < c2670ec4aa49ca226bce9776601e0da37502be07affected bb4fa4c0b54aae25e55faeda7f78d0c11b8cd618 - < f414b3abbba59ef379a2b3c31f2bdd9358ed5e53affected 6cb008f1bb23e023dfe615cca5df14570dfc8da5 - < 9a060970fd7b5e1c561e4ce73cb9949e4269a738affected a11224a016d6d1d46a4d9b6573244448a80d4d7f - < dd6ade0fdd59218d71a981ae7c937a304e49209c+5 more versions |
Linux | Linux | affected 6.19unaffected 0 - < 6.19unaffected 6.1.175 - <= 6.1.*unaffected 6.6.140 - <= 6.6.*unaffected 6.12.88 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now