7.8

CVE-2026-46129

btrfs: fix double free in create_space_info() error path

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info() error path

When kobject_init_and_add() fails, the call chain is:

create_space_info()
-> btrfs_sysfs_add_space_info_type()
-> kobject_init_and_add()
-> failure
-> kobject_put(&space_info->kobj)
-> space_info_release()
-> kfree(space_info)

Then control returns to create_space_info():

btrfs_sysfs_add_space_info_type() returns error
-> goto out_free
-> kfree(space_info)

This causes a double free.

Keep the direct kfree(space_info) for the earlier failure path, but
after btrfs_sysfs_add_space_info_type() has called kobject_put(), let
the kobject release callback handle the cleanup.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1.162 < 6.1.175
LinuxLinux Kernel Version >= 6.6.122 < 6.6.140
LinuxLinux Kernel Version >= 6.12.67 < 6.12.88
LinuxLinux Kernel Version >= 6.18.7 < 6.18.30
LinuxLinux Kernel Version >= 6.19.1 < 7.0.7
LinuxLinux Kernel Version6.19 Update-
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.036
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/c2670ec4aa49ca226bce9776601e0da37502be07
Patch
https://git.kernel.org/stable/c/f414b3abbba59ef379a2b3c31f2bdd9358ed5e53
Patch
https://git.kernel.org/stable/c/9a060970fd7b5e1c561e4ce73cb9949e4269a738
Patch
https://git.kernel.org/stable/c/dd6ade0fdd59218d71a981ae7c937a304e49209c
Patch
https://git.kernel.org/stable/c/3f487be81292702a59ea9dbc4088b3360a50e837
Patch
https://git.kernel.org/stable/c/ae6d6e31ceb72b7697c28a528e4923c08e3c2ef5
Patch