VYPR
High severity7.8NVD Advisory· Published May 28, 2026· Updated Jun 1, 2026

CVE-2026-46129

CVE-2026-46129

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info() error path

When kobject_init_and_add() fails, the call chain is:

create_space_info() -> btrfs_sysfs_add_space_info_type() -> kobject_init_and_add() -> failure -> kobject_put(&space_info->kobj) -> space_info_release() -> kfree(space_info)

Then control returns to create_space_info():

btrfs_sysfs_add_space_info_type() returns error -> goto out_free -> kfree(space_info)

This causes a double free.

Keep the direct kfree(space_info) for the earlier failure path, but after btrfs_sysfs_add_space_info_type() has called kobject_put(), let the kobject release callback handle the cleanup.

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.