-

CVE-2026-43328

EPSS 0.03%
Veröffentlicht 08.05.2026 13:31:16
Zuletzt bearbeitet 12.05.2026 14:10:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls
kobject_put(&dbs_data->attr_set.kobj).

The kobject release callback cpufreq_dbs_data_release() calls
gov->exit(dbs_data) and kfree(dbs_data), but the current error path
then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a
double free.

Keep the direct kfree(dbs_data) for the gov->init() failure path, but
after kobject_init_and_add() has been called, let kobject_put() handle
the cleanup through cpufreq_dbs_data_release().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 14

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < 56bc91ee78babe9578585a2bc137abc4b3115ff3

Status affected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < 019ea28629720c220daedf38107c8787f330dc05

Status affected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < da39ee627fd82b52068d4d5f115749a8b7d271f9

Status affected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < 427d048e4f6acbfa01b5a8062449fe0ee8987c0d

Status affected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357

Status affected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < 3bf9d023d2329a0e5379f2fd09d06ef09729cd9d

Status affected

Version 4ebe36c94aed95de71a8ce6a6762226d31c938ee

Version < 6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e

Status affected

Version e977b1477a6725868302957e6b5c330220391797

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.2

Status affected

Version 0

Version < 5.2

Status unaffected

Version <= 5.10.*

Version 5.10.253

Status unaffected

Version <= 6.1.*

Version 6.1.168

Status unaffected

Version <= 6.6.*

Version 6.6.134

Status unaffected

Version <= 6.12.*

Version 6.12.81

Status unaffected

Version <= 6.18.*

Version 6.18.22

Status unaffected

Version <= 6.19.*

Version 6.19.12

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/56bc91ee78babe9578585a2bc137abc4b3115ff3

https://git.kernel.org/stable/c/019ea28629720c220daedf38107c8787f330dc05

https://git.kernel.org/stable/c/da39ee627fd82b52068d4d5f115749a8b7d271f9

https://git.kernel.org/stable/c/427d048e4f6acbfa01b5a8062449fe0ee8987c0d

https://git.kernel.org/stable/c/d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357

https://git.kernel.org/stable/c/3bf9d023d2329a0e5379f2fd09d06ef09729cd9d

https://git.kernel.org/stable/c/6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e

https://nvd.nist.gov/vuln/detail/CVE-2026-43328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43328

EUVD