PT-2026-44252 · Linux · Linux
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-46129
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double free in create space info() error path
When kobject init and add() fails, the call chain is:
create space info()
-> btrfs sysfs add space info type()
-> kobject init and add()
-> failure
-> kobject put(&space info->kobj)
-> space info release()
-> kfree(space info)
Then control returns to create space info():
btrfs sysfs add space info type() returns error
-> goto out free
-> kfree(space info)
This causes a double free.
Keep the direct kfree(space info) for the earlier failure path, but
after btrfs sysfs add space info type() has called kobject put(), let
the kobject release callback handle the cleanup.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux