By weakness (CWE)
CWE-415: related vulnerabilities
CVEs classified under CWE-415. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
3 published vulnerabilities
- CVE-2026-46129HIGH 7.8
A double-free memory corruption bug exists in the Linux kernel's Btrfs filesystem implementation. When the kernel initializes and registers filesystem space information objects with the sysfs interface, a failure in that registration process can cause the same memory block to be freed twice. This happens because the error recovery code doesn't account for cleanup already performed by the object release callback. A local attacker with unprivileged user access could trigger this condition and gain kernel-level privileges.
- CVE-2026-46162HIGH 7.8
A flaw in the Linux kernel's ice (Intel ice) network driver creates a double-free memory corruption condition in the auxiliary device activation error handler. When the driver attempts to activate a subfunction Ethernet device but the operation fails partway through, the error handling code frees the same memory region twice, corrupting the kernel heap. An attacker with local access and unprivileged user privileges can trigger this condition to escalate privileges or crash the system.
- CVE-2026-46164HIGH 7.0
A memory management bug in the Linux kernel's Btrfs filesystem can cause the same memory region to be freed twice when a sysfs initialization step fails. This double-free condition can lead to memory corruption and potentially allow an attacker with local access to crash the system or execute code with elevated privileges. The issue occurs in error handling code that wasn't properly coordinated between two layers of the filesystem's initialization logic.