Skip to main content

CWE-1341

Multiple Releases of Same Resource or Handle

4 CVEs Avg CVSS 8.3 MITRE
1
CRITICAL
3
HIGH
0
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-53009 HIGH PATCH This Week

Local privilege-impacting memory corruption in the Linux kernel's Intel ice network driver allows a double-free of a transmit buffer's skb when the TX offload paths fail. When ice_tso() or ice_tx_csum() return an error, ice_xmit_frame_ring() frees the skb but leaves the 'first' tx_buf still marked ICE_TX_BUF_SKB, so a later ice_clean_tx_ring() during interface teardown frees the same skb a second time. Carries a CVSS 3.1 base of 7.8 (AV:L/PR:L), but with a low EPSS of 0.15% (5th percentile), no KEV listing, and no public exploit identified at time of analysis.

Code Injection Linux Intel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-52987 HIGH PATCH This Week

Local privilege escalation and kernel memory corruption is possible in the Linux kernel's AMD GPU driver (amdgpu) via a double drm_exec_fini() in the user-queue validation path. When amdgpu_userq_vm_validate() runs with new_addition set, a failure in amdgpu_ttm_tt_get_user_pages() routes execution to a cleanup label that finalizes the already-freed drm_exec object a second time, corrupting kernel state. No public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.16% (6th percentile), consistent with a hard-to-trigger local bug rather than a mass-exploited flaw.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-45898 CRITICAL PATCH Act Now

Kernel memory corruption in the Linux iWARP Connection Manager (RDMA/iwcm) subsystem can crash systems running RDMA workloads on iWARP-capable hardware such as Intel E830 adapters. The bug, introduced by commit e1168f0 ('RDMA/iwcm: Simplify cm_event_handler()'), causes workqueue list corruption when iwcm_work items from a free list are reused while still queued, triggering a kernel BUG and panic. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile), despite a CVSS base score of 9.8.

Debian Ubuntu Information Disclosure Intel Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43494 HIGH POC PATCH CISA Act Now

Local privilege escalation potential in the Linux kernel's RDS (Reliable Datagram Sockets) subsystem stems from a double-free condition triggered when zerocopy page pinning fails during sendmsg() operations. The flaw, introduced in Linux 4.17, allows local authenticated users to corrupt kernel memory by exploiting an error path in rds_message_zcopy_from_user() that fails to reset op_nents, causing rds_message_purge() to free pages that were already released. Publicly available exploit code exists, though EPSS scoring is very low (0.02%) and the issue is not listed in CISA KEV.

Linux Information Disclosure
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-impacting memory corruption in the Linux kernel's Intel ice network driver allows a double-free of a transmit buffer's skb when the TX offload paths fail. When ice_tso() or ice_tx_csum() return an error, ice_xmit_frame_ring() frees the skb but leaves the 'first' tx_buf still marked ICE_TX_BUF_SKB, so a later ice_clean_tx_ring() during interface teardown frees the same skb a second time. Carries a CVSS 3.1 base of 7.8 (AV:L/PR:L), but with a low EPSS of 0.15% (5th percentile), no KEV listing, and no public exploit identified at time of analysis.

Code Injection Linux Intel
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and kernel memory corruption is possible in the Linux kernel's AMD GPU driver (amdgpu) via a double drm_exec_fini() in the user-queue validation path. When amdgpu_userq_vm_validate() runs with new_addition set, a failure in amdgpu_ttm_tt_get_user_pages() routes execution to a cleanup label that finalizes the already-freed drm_exec object a second time, corrupting kernel state. No public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.16% (6th percentile), consistent with a hard-to-trigger local bug rather than a mass-exploited flaw.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Kernel memory corruption in the Linux iWARP Connection Manager (RDMA/iwcm) subsystem can crash systems running RDMA workloads on iWARP-capable hardware such as Intel E830 adapters. The bug, introduced by commit e1168f0 ('RDMA/iwcm: Simplify cm_event_handler()'), causes workqueue list corruption when iwcm_work items from a free list are reused while still queued, triggering a kernel BUG and panic. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile), despite a CVSS base score of 9.8.

Debian Ubuntu Information Disclosure +2
NVD VulDB
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

Local privilege escalation potential in the Linux kernel's RDS (Reliable Datagram Sockets) subsystem stems from a double-free condition triggered when zerocopy page pinning fails during sendmsg() operations. The flaw, introduced in Linux 4.17, allows local authenticated users to corrupt kernel memory by exploiting an error path in rds_message_zcopy_from_user() that fails to reset op_nents, causing rds_message_purge() to free pages that were already released. Publicly available exploit code exists, though EPSS scoring is very low (0.02%) and the issue is not listed in CISA KEV.

Linux Information Disclosure
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy