CVE-2026-46162
Double Free in Linux Kernel Ice Driver
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free bug in the Linux kernel's ice driver, specifically in the function ice_sf_eth_activate().
When the function auxiliary_device_add() fails, the error handling code calls auxiliary_device_uninit(), which triggers the device release callback ice_sf_dev_release() that frees the device structure sf_dev.
However, after this, the error path incorrectly continues and calls kfree(sf_dev) again, causing the same memory to be freed twice.
The fix involves keeping the kfree(sf_dev) call only for the failure path of auxiliary_device_init(), and avoiding the second free after auxiliary_device_uninit() to prevent the double free.
How can this vulnerability impact me? :
A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges.
In this case, the double free in the Linux kernel's ice driver could destabilize the kernel, potentially causing system instability or security breaches.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is a double free issue in the Linux kernel's ice driver during the auxiliary device activation error path.
To mitigate this vulnerability, update your Linux kernel to a version where this issue is fixed, as the patch avoids the double free by adjusting the error handling in ice_sf_eth_activate().