Double free in Linux kernel - CVE-2026-43196
Published: May 7, 2026
Vulnerability identifier: #VU130540
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43196
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a double free in pruss_clk_mux_setup() when handling an error path during clock mux setup. A local user can trigger the vulnerable error path to cause a denial of service.
How to mitigate CVE-2026-43196
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/04dbbb18cc9c8795c9ff47d8994bc03ebfef9d68
- https://git.kernel.org/stable/c/24c40076e3bc3d73c839c886d6bda1da6c4d9b93
- https://git.kernel.org/stable/c/69aa67c1e22d13e9aad4b08c86304ad8e743dcab
- https://git.kernel.org/stable/c/80db65d4acfb9ff12d00172aed39ea8b98261aad
- https://git.kernel.org/stable/c/818cf66d91c8ef09b01664a12d5f4ea786d64396
- https://git.kernel.org/stable/c/b7db9953c2f8da37de498198623b05b46f8e2ca0
- https://git.kernel.org/stable/c/dbda01bf2dfe5af33163e1e5fca1b82b619c2803
- https://git.kernel.org/stable/c/e113339cc7d23be4948891f3a702e9dce5b47035