CVE Catalog

CVE-2026-46129

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info() function on error. The issue occurs when kobject_init_and_add() fails, resulting in improper memory management.

Risk Assessment

Double free can lead to system instability and potential security vulnerabilities that attackers may exploit to gain access to memory or execute malicious code.

Recommendation

It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed to minimize the risks associated with double freeing memory.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info() -> btrfs_sysfs_add_space_info_type() -> kobject_init_and_add() -> failure -> kobject_put(&space_info->kobj) -> space_info_release() -> kfree(space_info) Then control returns to create_space_info(): btrfs_sysfs_add_space_info_type() returns error -> goto out_free -> kfree(space_info) This causes a double free. Keep the direct kfree(space_info) for the earlier failure path, but after btrfs_sysfs_add_space_info_type() has called kobject_put(), let the kobject release callback handle the cleanup.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS