CVE-2026-46162 (GCVE-0-2026-46162)
Vulnerability from cvelistv5 – Published: 2026-05-28 09:36 – Updated: 2026-06-14 17:59
VLAI?
Title
ice: fix double free in ice_sf_eth_activate() error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: fix double free in ice_sf_eth_activate() error path
When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to
aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev).
The device release callback ice_sf_dev_release() frees sf_dev, but
the current error path falls through to sf_dev_free and calls
kfree(sf_dev) again, causing a double free.
Keep kfree(sf_dev) for the auxiliary_device_init() failure path, but
avoid falling through to sf_dev_free after auxiliary_device_uninit().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6 , < 2ca30340b5028ddc3f17086a538feeff06167b1b
(git)
Affected: 13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6 , < 121d1f253aed515cd85748f68c664a6cb756e8ad (git) Affected: 13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6 , < d0c6a4816609f145ffcc74e64baa214c571c17c6 (git) Affected: 13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6 , < 9aab1c3d7299285e2569cbc0ed5892d631a241b2 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_sf_eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ca30340b5028ddc3f17086a538feeff06167b1b",
"status": "affected",
"version": "13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6",
"versionType": "git"
},
{
"lessThan": "121d1f253aed515cd85748f68c664a6cb756e8ad",
"status": "affected",
"version": "13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6",
"versionType": "git"
},
{
"lessThan": "d0c6a4816609f145ffcc74e64baa214c571c17c6",
"status": "affected",
"version": "13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6",
"versionType": "git"
},
{
"lessThan": "9aab1c3d7299285e2569cbc0ed5892d631a241b2",
"status": "affected",
"version": "13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_sf_eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.88",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.30",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix double free in ice_sf_eth_activate() error path\n\nWhen auxiliary_device_add() fails, ice_sf_eth_activate() jumps to\naux_dev_uninit and calls auxiliary_device_uninit(\u0026sf_dev-\u003eadev).\n\nThe device release callback ice_sf_dev_release() frees sf_dev, but\nthe current error path falls through to sf_dev_free and calls\nkfree(sf_dev) again, causing a double free.\n\nKeep kfree(sf_dev) for the auxiliary_device_init() failure path, but\navoid falling through to sf_dev_free after auxiliary_device_uninit()."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-14T17:59:13.179Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ca30340b5028ddc3f17086a538feeff06167b1b"
},
{
"url": "https://git.kernel.org/stable/c/121d1f253aed515cd85748f68c664a6cb756e8ad"
},
{
"url": "https://git.kernel.org/stable/c/d0c6a4816609f145ffcc74e64baa214c571c17c6"
},
{
"url": "https://git.kernel.org/stable/c/9aab1c3d7299285e2569cbc0ed5892d631a241b2"
}
],
"title": "ice: fix double free in ice_sf_eth_activate() error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-46162",
"datePublished": "2026-05-28T09:36:17.479Z",
"dateReserved": "2026-05-13T15:03:33.102Z",
"dateUpdated": "2026-06-14T17:59:13.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…