CVE-2026-43328 - Vulnerability Details

- cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

Description

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls
kobject_put(&dbs_data->attr_set.kobj).

The kobject release callback cpufreq_dbs_data_release() calls
gov->exit(dbs_data) and kfree(dbs_data), but the current error path
then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a
double free.

Keep the direct kfree(dbs_data) for the gov->init() failure path, but
after kobject_init_and_add() has been called, let kobject_put() handle
the cleanup through cpufreq_dbs_data_release().

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< 56bc91ee78babe9578585a2bc137abc4b3115ff3
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< 019ea28629720c220daedf38107c8787f330dc05
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< da39ee627fd82b52068d4d5f115749a8b7d271f9
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< 427d048e4f6acbfa01b5a8062449fe0ee8987c0d
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< 3bf9d023d2329a0e5379f2fd09d06ef09729cd9d
`4ebe36c94aed95de71a8ce6a6762226d31c938ee`	affected	< 6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e
`e977b1477a6725868302957e6b5c330220391797`	affected	—

Linux

affected

Version	Status	Constraints
`5.2`	affected	—
`0`	unaffected	< 5.2
`5.10.253`	unaffected	≤ 5.10.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,56bc91ee78babe9578585a2bc137abc4b3115ff3)`	affected	code_commit	—
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,019ea28629720c220daedf38107c8787f330dc05)`	affected	code_commit	—
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,3bf9d023d2329a0e5379f2fd09d06ef09729cd9d)`	affected	code_commit	—
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,427d048e4f6acbfa01b5a8062449fe0ee8987c0d)`	affected	code_commit	—
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357)`	affected	code_commit	—
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e)`	affected	code_commit	—
`[4ebe36c94aed95de71a8ce6a6762226d31c938ee,da39ee627fd82b52068d4d5f115749a8b7d271f9)`	affected	code_commit	—
`e977b1477a6725868302957e6b5c330220391797`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.2`	affected	generic	—
`[0,5.2)`	unaffected	generic	—
`[5.10.253,5.11.0)`	unaffected	semver	—
`[6.1.168,6.2.0)`	unaffected	semver	—
`[6.6.134,6.7.0)`	unaffected	semver	—
`[6.12.81,6.13.0)`	unaffected	semver	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,7.0.0)`	unaffected	semver	—
`[7.0,*)`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2026/CVE-2026-43328.mbox
https://git.kernel.org/stable/c/019ea28629720c220daedf38107c8787f330dc05
https://git.kernel.org/stable/c/3bf9d023d2329a0e5379f2fd09d06ef09729cd9d
https://git.kernel.org/stable/c/427d048e4f6acbfa01b5a8062449fe0ee8987c0d
https://git.kernel.org/stable/c/56bc91ee78babe9578585a2bc137abc4b3115ff3
https://git.kernel.org/stable/c/6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e
https://git.kernel.org/stable/c/d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357
https://git.kernel.org/stable/c/da39ee627fd82b52068d4d5f115749a8b7d271f9
https://nvd.nist.gov/vuln/detail/CVE-2026-43328
https://www.cve.org/CVERecord?id=CVE-2026-43328

History

Sat, 16 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-763
References		https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2026/CVE-2026-43328.mbox https://nvd.nist.gov/vuln/detail/CVE-2026-43328 https://www.cve.org/CVERecord?id=CVE-2026-43328
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-415

Fri, 08 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj). The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free. Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().
Title		cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/019ea28629720c220daedf38107c8787f330dc05 https://git.kernel.org/stable/c/3bf9d023d2329a0e5379f2fd09d06ef09729cd9d https://git.kernel.org/stable/c/427d048e4f6acbfa01b5a8062449fe0ee8987c0d https://git.kernel.org/stable/c/56bc91ee78babe9578585a2bc137abc4b3115ff3 https://git.kernel.org/stable/c/6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e https://git.kernel.org/stable/c/d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357 https://git.kernel.org/stable/c/da39ee627fd82b52068d4d5f115749a8b7d271f9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:31:16.787Z

Updated: 2026-05-11T22:22:26.516Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43328

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-08T14:16:42.397

Modified: 2026-05-12T14:10:27.343

Link: CVE-2026-43328

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43328 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-16T01:30:12Z

Weaknesses

CWE-415

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object