CVE-2026-46189
In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
CVSS
7.8
Alto
EPSS
0.1%
p4
KEV
—
Exploit Today
1
0-100
Publicado: 28 may 2026 · Última mod.: 16 jul 2026 · CWE-415 · CWE-1341
0.1%EPSS · 30 días0.1%
2026-06-302026-07-16
In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.
- git.kernel.orghttps://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59
- git.kernel.orghttps://git.kernel.org/stable/c/1df5711121cdc11e76b889408fdbe459feba1d39
- git.kernel.orghttps://git.kernel.org/stable/c/269967d7693304e1f06ed2dff4ebbbeeb397cda4
- git.kernel.orghttps://git.kernel.org/stable/c/3a231c34c5bc3d3cfc850b877758ec9fdaa8a483
- git.kernel.orghttps://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0
- git.kernel.orghttps://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead
- git.kernel.orghttps://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf
- git.kernel.orghttps://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:30848
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33685
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33743
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35904
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36049
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36073
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36767
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:38902
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:40068
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:40760
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-46189
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2482588
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-239188.8 ALT98.7%
——30Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.3dCVE-2026-89259.8 CRÍ61.3%
——18The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.10dCVE-2026-338117.5 ALT52.9%
——16When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.1dCVE-2026-506857.5 ALT45.6%
——14Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.2dCVE-2026-430119.8 CRÍ44.3%
——13In the Linux kernel, the following vulnerability has been resolved:
net/x25: Fix potential double free of skb
When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at
line 48 and returns 1 (error).
This error propagates back through the call chain:
x25_queue_rx_frame returns 1
|
v
x25_state3_machine receives the return value 1 and takes the else
branch at line 278, setting queued=0 and returning 0
|
v
x25_process_rx_frame returns queued=0
|
v
x25_backlog_rcv at line 452 sees queued=0 and calls kfree_skb(skb)
again
This would free the same skb twice. Looking at x25_backlog_rcv:
net/x25/x25_in.c:x25_backlog_rcv() {
...
queued = x25_process_rx_frame(sk, skb);
...
if (!queued)
kfree_skb(skb);
}3dCVE-2018-109027.8 ALT40.8%
——12It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.10d