Description
In the Linux kernel, the following vulnerability has been resolved:

ice: fix double free in ice_sf_eth_activate() error path

When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to
aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev).

The device release callback ice_sf_dev_release() frees sf_dev, but
the current error path falls through to sf_dev_free and calls
kfree(sf_dev) again, causing a double free.

Keep kfree(sf_dev) for the auxiliary_device_init() failure path, but
avoid falling through to sf_dev_free after auxiliary_device_uninit().
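The error-path pattern described above, modelled in user-space C as an added illustration (this is not the ice driver's or the kernel's code): stand-ins replace kfree(), auxiliary_device_init() and auxiliary_device_uninit(), and the object records how often it was "freed" so the unpatched and patched paths can be compared without an actual double free. The names model_*, activate() and frees_after_failure() are assumptions of this example.

```c
/* Model of the CVE-2026-46162 error path (added illustration, not the ice
 * driver's code). Kernel calls are replaced by stand-ins that count frees
 * instead of calling free(), so the faulty path can be run safely. */
struct aux_dev {
	void (*release)(struct aux_dev *adev);
};
struct sf_dev {
	struct aux_dev adev;	/* first member, so the cast in release is valid */
	int free_count;		/* how many times "kfree" hit this object */
};

static void model_kfree(struct sf_dev *sf) { sf->free_count++; }
/* Like ice_sf_dev_release(): the device core frees the containing object. */
static void sf_dev_release(struct aux_dev *adev) { model_kfree((struct sf_dev *)adev); }
/* Like auxiliary_device_init(): once it succeeds, the device owns sf_dev. */
static int model_aux_init(struct aux_dev *adev, int fail) { (void)adev; return fail ? -1 : 0; }
/* Like auxiliary_device_uninit(): drops the last reference, so release() runs. */
static void model_aux_uninit(struct aux_dev *adev) { adev->release(adev); }

/* ice_sf_eth_activate()'s error path; fail_init/fail_add pick the failing
 * call, fixed selects the patched behaviour. */
static int activate(struct sf_dev *sf, int fail_init, int fail_add, int fixed)
{
	int err = model_aux_init(&sf->adev, fail_init);
	if (err)
		goto sf_dev_free;
	if (fail_add) {
		err = -1;
		goto aux_dev_uninit;
	}
	return 0;

aux_dev_uninit:
	model_aux_uninit(&sf->adev);	/* release() has already freed sf */
	if (fixed)
		return err;		/* patched: do not fall through */
	/* unpatched: falls through and frees sf a second time */
sf_dev_free:
	model_kfree(sf);		/* only correct when init itself failed */
	return err;
}

/* Returns how many times sf_dev was freed in the chosen failure scenario. */
int frees_after_failure(int fail_init, int fail_add, int fixed)
{
	struct sf_dev sf = { .adev.release = sf_dev_release, .free_count = 0 };
	activate(&sf, fail_init, fail_add, fixed);
	return sf.free_count;
}
```

The rule the model makes visible: once auxiliary_device_init() has succeeded, the release callback owns the allocation, so any later error label must return after auxiliary_device_uninit() instead of reaching the kfree() that serves the init-failure case.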
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises when the ice driver's error path during device activation triggers a double free (CWE-1341, CWE-415). The driver releases the auxiliary device object but later calls kfree on the same structure again, exposing kernel memory to corruption. Such corruption can be leveraged by an attacker to compromise system integrity, potentially enabling execution of arbitrary code with elevated privileges.

Affected Systems

The flaw affects the Linux kernel's ice module, which implements Linux Ethernet devices. No specific kernel version is listed in the CVE data, so any kernel that includes the unpatched ice driver could be vulnerable. Kernel builds lacking the fix should be treated as potentially affected until a kernel update is applied.

Risk and Exploitability

The CVSS score is 7.8 and the EPSS score is < 1%; the vulnerability is not listed in CISA KEV. The attack vector is local (AV:L in the CVSS vector), requiring interaction with the ice driver to trigger the faulty error path. Consequently, this is a high-risk kernel flaw that can be exploited to gain elevated privileges, especially on systems with exposed or misconfigured network interfaces that load the ice module.

Generated by OpenCVE AI on June 10, 2026 at 22:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that removes the double free in ice_sf_eth_activate()'s error path; the patch is referenced in the provided kernel commit logs.
  • Upgrade to a Linux kernel release that incorporates the fix; the patch is referenced in the commit logs.
  • If an immediate kernel upgrade is not feasible, disable or unload the module to prevent the execution of the vulnerable code path until a patch is applied.


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 29 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1341
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev). The device release callback ice_sf_dev_release() frees sf_dev, but the current error path falls through to sf_dev_free and calls kfree(sf_dev) again, causing a double free. Keep kfree(sf_dev) for the auxiliary_device_init() failure path, but avoid falling through to sf_dev_free after auxiliary_device_uninit().
Title ice: fix double free in ice_sf_eth_activate() error path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:59:13.179Z

Reserved: 2026-05-13T15:03:33.102Z

Link: CVE-2026-46162

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-28T10:16:31.860

Modified: 2026-06-10T21:13:48.717

Link: CVE-2026-46162

Redhat

Severity : Moderate

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46162 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T23:00:20Z

Weaknesses
  • CWE-1341: Multiple Releases of Same Resource or Handle
  • CWE-415: Double Free