CVE-2026-46129
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info() function on error. The issue occurs when kobject_init_and_add() fails, resulting in improper memory management.
Risk Assessment
Double free can lead to system instability and potential security vulnerabilities that attackers may exploit to gain access to memory or execute malicious code.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed to minimize the risks associated with double freeing memory.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info() -> btrfs_sysfs_add_space_info_type() -> kobject_init_and_add() -> failure -> kobject_put(&space_info->kobj) -> space_info_release() -> kfree(space_info) Then control returns to create_space_info(): btrfs_sysfs_add_space_info_type() returns error -> goto out_free -> kfree(space_info) This causes a double free. Keep the direct kfree(space_info) for the earlier failure path, but after btrfs_sysfs_add_space_info_type() has called kobject_put(), let the kobject release callback handle the cleanup.

