VYPR
High severity · 7.8 · NVD Advisory · Published May 8, 2026 · Updated May 18, 2026

CVE-2026-43328

Description

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj).

The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free.

Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().
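
The error path described above, as an added user-space C model (not the kernel's code and not part of the advisory). The names kobj_model, dbs_model, governor_init_model and the counters are assumptions; cleanup calls are counted rather than performed so the pre-fix path can be run safely.

```c
#include <stdio.h>

/* Cleanup counters: free_calls > 1 for one object means a double free. */
struct counts { int exit_calls; int free_calls; };
struct kobj_model { int refcount; void (*release)(struct kobj_model *); };

struct dbs_model {
    struct kobj_model kobj;  /* embedded, like dbs_data->attr_set.kobj */
    struct counts *c;
};

/* Stand-in for cpufreq_dbs_data_release(): gov->exit() then kfree(). */
static void dbs_release(struct kobj_model *k)
{
    struct dbs_model *d = (struct dbs_model *)k; /* kobj is the first member */
    d->c->exit_calls++;
    d->c->free_calls++;
}

/* Stand-in for kobject_put(): the last reference runs the release callback. */
static void kobj_put(struct kobj_model *k) { if (--k->refcount == 0) k->release(k); }

enum fail { FAIL_GOV_INIT, FAIL_KOBJ_ADD };

/* Hypothetical model of the error path; fixed == 0 is the pre-fix behaviour. */
struct counts governor_init_model(enum fail where, int fixed)
{
    struct counts c = {0, 0};
    struct dbs_model d = { .kobj = { 0, dbs_release }, .c = &c };

    if (where == FAIL_GOV_INIT) {
        c.free_calls++;      /* gov->init() failed: direct kfree() is kept */
        return c;
    }
    d.kobj.refcount = 1;     /* kobject_init_and_add() was called */
    kobj_put(&d.kobj);       /* it failed: release callback cleans up */
    if (!fixed) {            /* pre-fix path repeats the cleanup */
        c.exit_calls++;
        c.free_calls++;
    }
    return c;
}

int main(void)
{
    struct counts b = governor_init_model(FAIL_KOBJ_ADD, 0);
    struct counts f = governor_init_model(FAIL_KOBJ_ADD, 1);
    printf("pre-fix: exit=%d free=%d\n", b.exit_calls, b.free_calls);
    printf("fixed:   exit=%d free=%d\n", f.exit_calls, f.free_calls);
    return 0;
}
```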

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Double-free vulnerability in Linux kernel cpufreq governor error path due to improper cleanup after kobject_init_and_add() failure.

A double-free vulnerability exists in the Linux kernel's cpufreq governor initialization code, specifically in the function cpufreq_dbs_governor_init(). When the call to kobject_init_and_add() fails, the error path first invokes kobject_put() on the kobject embedded in the dbs_data structure. This triggers the release callback cpufreq_dbs_data_release(), which calls the governor's exit function and frees dbs_data. The error path then calls gov->exit() and kfree(dbs_data) a second time, resulting in a double free [1].

To exploit this vulnerability, an attacker would need to cause a failure in the kobject registration process, which could be achieved by exhausting system resources or manipulating kernel parameters. The attack requires local access to the system and the ability to trigger the governor initialization error path.

The double free can lead to memory corruption, potentially enabling privilege escalation or a system crash. Given the CVSS score of 7.8, the vulnerability is considered high severity. The Linux kernel has issued a fix in commit da39ee627fd8 [1]. Users are advised to apply the patch or update to a kernel version containing the fix.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
