{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46162","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.102Z","datePublished":"2026-05-28T09:36:17.479Z","dateUpdated":"2026-06-14T17:59:13.179Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T17:59:13.179Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix double free in ice_sf_eth_activate() error path\n\nWhen auxiliary_device_add() fails, ice_sf_eth_activate() jumps to\naux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev).\n\nThe device release callback ice_sf_dev_release() frees sf_dev, but\nthe current error path falls through to sf_dev_free and calls\nkfree(sf_dev) again, causing a double free.\n\nKeep kfree(sf_dev) for the auxiliary_device_init() failure path, but\navoid falling through to sf_dev_free after auxiliary_device_uninit()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ice/ice_sf_eth.c"],"versions":[{"version":"13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6","lessThan":"2ca30340b5028ddc3f17086a538feeff06167b1b","status":"affected","versionType":"git"},{"version":"13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6","lessThan":"121d1f253aed515cd85748f68c664a6cb756e8ad","status":"affected","versionType":"git"},{"version":"13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6","lessThan":"d0c6a4816609f145ffcc74e64baa214c571c17c6","status":"affected","versionType":"git"},{"version":"13acc5c4cdbeccf3274cbbd4de2e2d316b8c4ce6","lessThan":"9aab1c3d7299285e2569cbc0ed5892d631a241b2","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ice/ice_sf_eth.c"],"versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","status":"unaffected","versionType":"semver"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.18.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"7.0.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2ca30340b5028ddc3f17086a538feeff06167b1b"},{"url":"https://git.kernel.org/stable/c/121d1f253aed515cd85748f68c664a6cb756e8ad"},{"url":"https://git.kernel.org/stable/c/d0c6a4816609f145ffcc74e64baa214c571c17c6"},{"url":"https://git.kernel.org/stable/c/9aab1c3d7299285e2569cbc0ed5892d631a241b2"}],"title":"ice: fix double free in ice_sf_eth_activate() error path","x_generator":{"engine":"bippy-1.2.0"}}}}