CVE-2026-46129
Awaiting Analysis
Double Free in Linux Kernel Btrfs

Publication date: 2026-05-28

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info() error path

When kobject_init_and_add() fails, the call chain is:

    create_space_info()
      -> btrfs_sysfs_add_space_info_type()
      -> kobject_init_and_add()
      -> failure
      -> kobject_put(&space_info->kobj)
      -> space_info_release()
      -> kfree(space_info)

Then control returns to create_space_info():

    btrfs_sysfs_add_space_info_type() returns error
      -> goto out_free
      -> kfree(space_info)

This causes a double free.

Keep the direct kfree(space_info) for the earlier failure path, but after btrfs_sysfs_add_space_info_type() has called kobject_put(), let the kobject release callback handle the cleanup.

Meta Information

Published: 2026-05-28
Last Modified: 2026-06-01
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16

Affected Vendors & Products
Vendor        Product       Version / Range
linux_kernel  btrfs         *
linux         linux_kernel  *
linux         kernel        *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is a double free bug in the Linux kernel's btrfs filesystem code, specifically in the error path of the create_space_info() function. When kobject_init_and_add() fails inside btrfs_sysfs_add_space_info_type(), the space_info structure is freed twice: first indirectly, when kobject_put() runs the kobject release callback space_info_release(), which calls kfree(space_info), and then again directly, when create_space_info() sees the error, jumps to out_free and calls kfree(space_info) itself.

Impact Analysis

A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges. In the context of the Linux kernel, this could compromise system stability and security.

Mitigation Strategies

To mitigate this vulnerability, update your Linux kernel to a version in which the create_space_info() error path in the btrfs subsystem has been fixed. The fix keeps the direct kfree(space_info) for the earlier failure path, but once btrfs_sysfs_add_space_info_type() has called kobject_put(), cleanup is left to the kobject release callback, so the structure is freed only once.

Since no CVSS or specific mitigation commands are provided, the best immediate step is to apply the latest kernel patches or updates from your Linux distribution that address this issue.
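
The ownership rule behind the fix, as an added userspace model that is not the kernel's code or the actual patch: the names model_kfree, model_kobject_put, model_sysfs_add, create_space_info_model and the FAIL_* constants are hypothetical stand-ins, and frees are counted rather than performed so the double free can be observed safely.

```c
/* Constructed userspace model of the create_space_info() error path. */
#include <stdio.h>
#include <stdlib.h>

enum { FAIL_NONE, FAIL_EARLY, FAIL_SYSFS };   /* hypothetical failure points */
struct kobj { int refs; void (*release)(struct kobj *); };
struct space_info { struct kobj kobj; };      /* kobj first, so the cast below is valid */
static int free_calls;                        /* times the object was "freed" in one run */

/* Stand-in for kfree(): counts instead of freeing, avoiding real undefined behaviour. */
static void model_kfree(struct space_info *si) { (void)si; free_calls++; }
static void space_info_release(struct kobj *k) { model_kfree((struct space_info *)k); }

static void model_kobject_put(struct kobj *k)
{
    if (--k->refs == 0)
        k->release(k);                        /* last reference: release callback frees */
}

/* Models btrfs_sysfs_add_space_info_type(): on failure it drops the
 * reference itself, which runs the release callback. */
static int model_sysfs_add(struct space_info *si, int fail)
{
    si->kobj.refs = 1;
    si->kobj.release = space_info_release;
    if (!fail)
        return 0;
    model_kobject_put(&si->kobj);
    return -1;
}

/* Returns how many times space_info was freed for the given failure point. */
int create_space_info_model(int fail_at, int fixed)
{
    struct space_info *si = calloc(1, sizeof(*si));
    if (!si) return -1;
    free_calls = 0;
    if (fail_at == FAIL_EARLY)
        model_kfree(si);   /* kobject never initialised: direct free is correct */
    else if (model_sysfs_add(si, fail_at == FAIL_SYSFS) && !fixed)
        model_kfree(si);   /* pre-fix out_free: release callback already freed it */
    free(si);              /* real cleanup of the model's backing memory */
    return free_calls;
}

int main(void)
{
    printf("pre-fix frees: %d\n", create_space_info_model(FAIL_SYSFS, 0));
    printf("fixed frees:   %d\n", create_space_info_model(FAIL_SYSFS, 1));
    return 0;
}
```

A count of 2 for the pre-fix sysfs failure is the double free; every other combination frees at most once, including the earlier failure path that keeps its direct free.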
