CVE-2026-43328 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj). The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free. Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/019ea28629720c220daedf38107c8787f330dc05
https://git.kernel.org/stable/c/3bf9d023d2329a0e5379f2fd09d06ef09729cd9d
https://git.kernel.org/stable/c/427d048e4f6acbfa01b5a8062449fe0ee8987c0d
https://git.kernel.org/stable/c/56bc91ee78babe9578585a2bc137abc4b3115ff3
https://git.kernel.org/stable/c/6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e
https://git.kernel.org/stable/c/d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357
https://git.kernel.org/stable/c/da39ee627fd82b52068d4d5f115749a8b7d271f9

History

Fri, 08 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj). The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free. Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().
Title		cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/019ea28629720c220daedf38107c8787f330dc05 https://git.kernel.org/stable/c/3bf9d023d2329a0e5379f2fd09d06ef09729cd9d https://git.kernel.org/stable/c/427d048e4f6acbfa01b5a8062449fe0ee8987c0d https://git.kernel.org/stable/c/56bc91ee78babe9578585a2bc137abc4b3115ff3 https://git.kernel.org/stable/c/6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e https://git.kernel.org/stable/c/d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357 https://git.kernel.org/stable/c/da39ee627fd82b52068d4d5f115749a8b7d271f9

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:31:16.787Z

Updated: 2026-05-08T13:31:16.787Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43328

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:42.397

Modified: 2026-05-08T14:16:42.397

Link: CVE-2026-43328

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object