Double free in Linux kernel - CVE-2026-43278
Published: May 7, 2026
Vulnerability identifier: #VU130421
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43278
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to double free in request-based device-mapper targets when handling completion and teardown of cloned request bios. A local user can trigger request processing that causes the same cloned bios to be freed twice to cause a denial of service.
One observed case involves dm-multipath on top of a PCIe NVMe namespace, where the cloned bios are first freed during request completion and later freed again during clone teardown.
How to mitigate CVE-2026-43278
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/3d746b639be4b4f5cd8ce2b06aa52dc443f50edc
- https://git.kernel.org/stable/c/7daf279c674d515fb22a727a7bbc92aeb35c5442
- https://git.kernel.org/stable/c/83d72091804600ead96dc9e9f518ea56cb4942f6
- https://git.kernel.org/stable/c/8d9ddad561136f7e6a9346767bf97b4d79e38e67
- https://git.kernel.org/stable/c/9a95b98202113045bc1a5bcb30388a500f25e050
- https://git.kernel.org/stable/c/b1c1a2637ebd675aa2d71fee8c70da8791d73850
- https://git.kernel.org/stable/c/e2e738e8dfbbf83bd2bae0467ec4420cc52da42a
- https://git.kernel.org/stable/c/fb8a6c18fb9a6561f7a15b58b272442b77a242dd