What is the CVSS score of CVE-2026-43328?

CVE-2026-43328 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2026-43328?

A double-free vulnerability in the Linux kernel's CPU frequency scaling subsystem allows local users with elevated privileges to trigger memory corruption.. A patch is available.

Linux Kernel CVE-2026-43328

EUVD-2026-28612 HIGH

Double Free (CWE-415)

2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67

GHSA-jm8j-3fg5-f3c9

Information Disclosure Linux Red Hat Suse

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 18, 2026 - 12:52 vuln.today

CVSS changed

May 18, 2026 - 12:52 NVD

7.8 (HIGH)

Patch available

May 08, 2026 - 15:02 EUVD

CVE Published

May 08, 2026 - 14:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj).

The kobject release callback cpufreq_dbs_data_release() calls gov->exit(dbs_data) and kfree(dbs_data), but the current error path then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a double free.

Keep the direct kfree(dbs_data) for the gov->init() failure path, but after kobject_init_and_add() has been called, let kobject_put() handle the cleanup through cpufreq_dbs_data_release().

AnalysisAI

Double-free condition in the Linux kernel's cpufreq governor subsystem affects multiple stable branches and can lead to memory corruption when an error path in cpufreq_dbs_governor_init() is triggered. The flaw stems from redundant cleanup logic that calls gov->exit() and kfree(dbs_data) twice after a kobject_init_and_add() failure, and no public exploit identified at time of analysis. …

RemediationAI

24 hours: Inventory Linux systems running vulnerable cpufreq code and assess exposure in privilege-escalation-sensitive environments. 7 days: Apply Linux kernel patches from your distributions (Red Hat, Canonical, etc.) addressing CVE-2026-43328; prioritize servers and multi-tenant systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

Vendor StatusVendor

CVE-2026-43328 vulnerability details – vuln.today

Back

Linux Kernel CVE-2026-43328

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code