CWE-1341
AllowedMultiple Releases of Same Resource or Handle
Abstraction: Base · Status: Incomplete
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
11 vulnerabilities reference this CWE, most recent first.
GHSA-XXXV-9J5G-VQFC
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-07-14 12:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.
{
"affected": [],
"aliases": [
"CVE-2026-46189"
],
"database_specific": {
"cwe_ids": [
"CWE-1341",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:34Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path\n\nSashiko points out that pvrdma_uar_free() is already called within\npvrdma_dealloc_ucontext(), so calling it before triggers a double free.",
"id": "GHSA-xxxv-9j5g-vqfc",
"modified": "2026-07-14T12:31:12Z",
"published": "2026-05-28T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46189"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46189.json"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a231c34c5bc3d3cfc850b877758ec9fdaa8a483"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/269967d7693304e1f06ed2dff4ebbbeeb397cda4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1df5711121cdc11e76b889408fdbe459feba1d39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482588"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-46189"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38902"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36073"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36049"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35904"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33743"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33685"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
Mitigation
Strategy: Refactoring
It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However, flag-tracking can increase code complexity and requires diligent compliance by the programmer.
Mitigation
Strategy: Refactoring
When closing a resource, set the resource's associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value without causing errors. For other APIs, this can lead to application crashes or exceptions, which may still be preferable to corrupting an unintended resource such as memory or data.
No CAPEC attack patterns related to this CWE.