CVE-2026-46129
Double Free in Linux Kernel Btrfs
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | btrfs | * |
| linux | linux_kernel | * |
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges. In the context of the Linux kernel, this could compromise system stability and security.
Can you explain this vulnerability to me?
This vulnerability is a double free bug in the Linux kernel's btrfs filesystem code, specifically in the create_space_info() function. When an error occurs during the initialization and addition of a kobject (kobject_init_and_add()), the code mistakenly frees the same memory twice. This happens because after a failure, the space_info structure is freed once directly, and then again indirectly through a kobject release callback, leading to a double free.
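The error path described above, as an added user-space C model (not kernel or btrfs source, and not the upstream patch): it counts how often one object is freed when the direct free and the release callback both run. All `*_model` names are hypothetical, frees are counted rather than performed, and both the order of the two frees and the `fixed` variant (drop only the reference and let the release callback free) are assumptions.

```c
/* User-space model, constructed for illustration: these are stand-ins,
 * not kernel or btrfs source. Frees are counted, never really performed. */
struct kobj_model {                       /* stand-in for struct kobject */
    int refcount;
    void (*release)(struct kobj_model *k);
};

struct space_info_model {                 /* stand-in for btrfs space_info */
    struct kobj_model kobj;               /* first member: cast recovers owner */
    int frees;                            /* times this object was "freed" */
};

static void model_kfree(struct space_info_model *si) { si->frees++; }

/* Release callback: runs when the last reference is dropped. */
static void space_info_release(struct kobj_model *k)
{
    model_kfree((struct space_info_model *)k);
}

static void model_kobject_put(struct kobj_model *k)
{
    if (--k->refcount == 0)
        k->release(k);
}

/* Like kobject_init_and_add(): on failure the reference taken by init is
 * still held, so the caller must drop it with a put. */
static int model_init_and_add(struct kobj_model *k, int fail)
{
    k->refcount = 1;
    k->release = space_info_release;
    return fail ? -12 : 0;                /* -12 stands in for -ENOMEM */
}

/* Returns how many times the object was freed on this path. */
int create_space_info_model(int fixed, int fail)
{
    struct space_info_model si = { .frees = 0 };

    if (model_init_and_add(&si.kobj, fail)) {
        model_kobject_put(&si.kobj);      /* release callback frees si */
        if (!fixed)
            model_kfree(&si);             /* bug: direct free of same object */
    }
    return si.frees;
}

int main(void) { return create_space_info_model(0, 1) != 2; }
```

Once the kobject is initialized, the release callback owns the object's lifetime, so an error path that also frees it directly is the pattern to look for when auditing similar code.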