Double Free Vulnerability in Linux Kernel Affecting Xen Privileged Commands
CVE-2026-31787
What is CVE-2026-31787?
The Linux kernel's privcmd module contains a double free caused by improper management of virtual memory areas (VMAs). When a partial unmap is performed on a privcmd mapping, the kernel can split the VMA without the necessary controls in place, leaving multiple VMAs that reference the same memory resources. When those resources are released during the close operation, the same memory can be freed twice, potentially leading to critical stability issues and allowing attackers to exploit this vulnerability. The fix introduces a .may_split callback that prevents these splits altogether.
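A userspace model of the split-then-close sequence described above, added here as an illustration; it is not the kernel's privcmd code or the actual patch. The struct and function names are assumptions chosen to echo the kernel's, and the close handler counts releases instead of freeing, so a count of two stands for the double free.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace model: names echo the kernel's, but none of this is kernel code. */
struct vma;
struct vm_ops {
    void (*close)(struct vma *v);
    int (*may_split)(struct vma *v, unsigned long addr); /* NULL: split allowed */
};
struct priv { int releases; };        /* stands in for the per-mapping resources */
struct vma {
    unsigned long start, end;
    const struct vm_ops *ops;
    struct priv *priv;                /* models vm_private_data */
};
/* A real close handler frees; the model only counts, so it is safe to run. */
static void model_close(struct vma *v) { v->priv->releases++; }
static int deny_split(struct vma *v, unsigned long addr) { (void)v; (void)addr; return -EINVAL; }

static const struct vm_ops ops_unpatched = { .close = model_close };
static const struct vm_ops ops_patched = { .close = model_close, .may_split = deny_split };

/* Partial unmap of [start, addr): ask may_split, split, close the removed half. */
static int partial_unmap(struct vma *v, unsigned long addr, struct vma *tail)
{
    int err = v->ops->may_split ? v->ops->may_split(v, addr) : 0;
    if (err) return err;      /* split vetoed: the VMA stays whole */
    *tail = *v;               /* the split copies the private pointer */
    tail->start = addr;
    v->end = addr;
    v->ops->close(v);         /* first release of the shared data */
    return 0;
}

/* How many times the same private data is released over the mapping's life. */
int releases_for(const struct vm_ops *ops)
{
    struct priv p = { 0 };
    struct vma v = { 0x1000, 0x3000, ops, &p }, tail;
    if (partial_unmap(&v, 0x2000, &tail) == 0)
        tail.ops->close(&tail);   /* later teardown of the surviving half */
    else
        v.ops->close(&v);         /* split refused: one VMA, one release */
    return p.releases;
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n", releases_for(&ops_unpatched), releases_for(&ops_patched));
    return 0;
}
```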
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2b985d3a024b9e8c24e21671b34e855569763808
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1576ff3869cbd3620717195f971c85b7d7fd62b5