CVE-2026-43328

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 08.05.2026

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj).

The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free.

Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 56bc91ee78babe9578585a2bc137abc4b3115ff3 (excl.) affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 019ea28629720c220daedf38107c8787f330dc05 (excl.) affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to da39ee627fd82b52068d4d5f115749a8b7d271f9 (excl.) affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 427d048e4f6acbfa01b5a8062449fe0ee8987c0d (excl.) affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357 (excl.) affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 3bf9d023d2329a0e5379f2fd09d06ef09729cd9d (excl.) affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e (excl.) Version e977b1477a6725868302957e6b5c330220391797 is affected

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 56bc91ee78babe9578585a2bc137abc4b3115ff3 (excl.)
affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 019ea28629720c220daedf38107c8787f330dc05 (excl.)
affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to da39ee627fd82b52068d4d5f115749a8b7d271f9 (excl.)
affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 427d048e4f6acbfa01b5a8062449fe0ee8987c0d (excl.)
affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to d2703b4f8fb7cc6f0dfdb2dc2359cc46189e7357 (excl.)
affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 3bf9d023d2329a0e5379f2fd09d06ef09729cd9d (excl.)
affected from 4ebe36c94aed95de71a8ce6a6762226d31c938ee to 6dcf9d0064ce2f3e3dfe5755f98b93abe6a98e1e (excl.)
Version e977b1477a6725868302957e6b5c330220391797 is affected

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.2 is affected unaffected from 0 to 5.2 (excl.) unaffected from 5.10.253 to 5.10.* (incl.) unaffected from 6.1.168 to 6.1.* (incl.) unaffected from 6.6.134 to 6.6.* (incl.) unaffected from 6.12.81 to 6.12.* (incl.) unaffected from 6.18.22 to 6.18.* (incl.) unaffected from 6.19.12 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 5.2 is affected
unaffected from 0 to 5.2 (excl.)
unaffected from 5.10.253 to 5.10.* (incl.)
unaffected from 6.1.168 to 6.1.* (incl.)
unaffected from 6.6.134 to 6.6.* (incl.)
unaffected from 6.12.81 to 6.12.* (incl.)
unaffected from 6.18.22 to 6.18.* (incl.)
unaffected from 6.19.12 to 6.19.* (incl.)
unaffected from 7.0 to * (incl.)

References

CVE-2026-43328 PUBLISHED

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

Product Status

References