CVEbaza.plSłownik CWECWE-1341
Common Weakness Enumeration

CWE-1341

Multiple Releases of Same Resource or Handle

Kategoria: BaseCVE: 9
Opis

Produkt próbuje zamknąć lub zwolnić zasób lub uchwyt więcej niż jeden raz, bez żadnego udanego otwarcia między operacjami zamknięcia. Może to prowadzić do niepoprawneg zachowania programu lub błędów w trakcie wykonania.

Description (EN)

The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.

Podatności CVE z CWE-1341 (9)
9.8
CVSS
CRITICAL
CVE-2026-45898

Podatność w podsystemie RDMA/iwcm jądra Linux powoduje korupcję wewnętrznych list workqueue, co może prowadzić do krytycznych błędów systemowych. Problem wynika z nieprawidłowej logiki kolejkowania zadań wprowadzonej wcześniejszą zmianą w funkcji cm_event_handler().

pub. 2026-05-27
8.8
CVSS
HIGH
CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

pub. 2026-05-04
7.8
CVSS
HIGH
CVE-2026-52987

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drm_exec_fini() in userq validate When new_addition is true, amdgpu_userq_vm_validate() calls drm_exec_fini(&exec) before iterating over the collected HMM ranges and calling amdgpu_ttm_tt_get_user_pages(). If amdgpu_ttm_tt_get_user_pages() fails in that path, the code jumps to unlock_all and calls drm_exec_fini(&exec) a second time on the same exec object. drm_exec_fini() is not idempotent: it frees exec->objects and may also drop exec->contended and finalize the ww acquire context. Route that error path directly to the range cleanup once exec has already been finalized. Issue found using a prototype static analysis tool and confirmed by code review. (cherry picked from commit 2802952e4a07306da6ebe813ff1acacc5691851a)

pub. 2026-06-24
7.8
CVSS
HIGH
CVE-2026-53009

In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of tx_buf skb If ice_tso() or ice_tx_csum() fail, the error path in ice_xmit_frame_ring() frees the skb, but the 'first' tx_buf still points to it and is marked as valid (ICE_TX_BUF_SKB). 'next_to_use' remains unchanged, so the potential problem will likely fix itself when the next packet is transmitted and the tx_buf gets overwritten. But if there is no next packet and the interface is brought down instead, ice_clean_tx_ring() -> ice_unmap_and_free_tx_buf() will find the tx_buf and free the skb for the second time. The fix is to reset the tx_buf type to ICE_TX_BUF_EMPTY in the error path, so that ice_unmap_and_free_tx_buf(). Move the initialization of 'first' up, to ensure it's already valid in case we hit the linearization error path. The bug was spotted by AI while I had it looking for something else. It also proposed an initial version of the patch. I reproduced the bug and tested the fix by adding code to inject failures, on a build with KASAN. I looked for similar bugs in related Intel drivers and did not find any.

pub. 2026-06-24
7.8
CVSS
HIGH
CVE-2026-46189

In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

pub. 2026-05-28
7.8
CVSS
HIGH
CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again. Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().

pub. 2026-05-21
7.8
CVSS
HIGH
CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), so original goto out is now wrong and will double-mmput() mm_struct. Fix by jumping further to clean up only vm_file and name_buf.

pub. 2026-05-06
7.5
CVSS
HIGH
CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

pub. 2026-05-07
5.1
CVSS
MEDIUM
CVE-2026-6654

Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

pub. 2026-04-20
Informacje
ID: CWE-1341
Typ: Base
Podatności: 9
MITRE CWE ↗
← Słownik CWE
CWE-1341 — Wielokrotne zamknięcie tego samego zasobu lub uchwytu | Słownik CWE | CVEbaza.pl