265 matches found
CVE-2026-46129
A flaw was found in the Linux kernel, specifically within the btrfs filesystem. This vulnerability, a double free, occurs in the createspaceinfo function's error handling path. When an internal object initialization fails, the system attempts to release memory twice for the same resource. This ca...
CVE-2026-46159
A flaw was found in the btrfs filesystem within the Linux kernel. A Time-of-check to time-of-use TOCTOU race condition in the btrfsioctlspaceinfo function allows a local attacker to exploit a timing window. This occurs when the system counts entries for allocation size and then fills a buffer, bu...
Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-8297-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8297-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission chec...
CVE-2026-43338
A flaw was found in the Linux kernel's Btrfs filesystem. The qgroup ioctls input/output control system calls for quota groups do not reserve sufficient transaction space. A local user can exploit this by performing specific qgroup operations, which can lead to a transaction abort and result in a...
CVE-2026-43359
A flaw was found in the Linux kernel's Btrfs file system. A local malicious user, who owns a subvolume, can exploit an item overflow vulnerability when repeatedly calling the set received ioctl with the same received UUID field for multiple subvolumes. This can trigger a transaction abort, leadin...
CVE-2026-43358
A flaw was found in the Linux kernel's btrfs filesystem. A missing Read-Copy Update RCU unlock in an error path within the tryreleasesubpageextentbuffer function could lead to system instability. This issue, identified by a thread-safety analyzer, may result in a denial of service condition,...
CVE-2026-43360
CVE-2026-43360 affects the Linux kernel Btrfs file system. A hash-collision during multi-file creation can force multiple entries into a single dir item and, once a leaf size limit is reached, abort the transaction and leave the filesystem read-only, enabling a local DoS without admin privileges....
CVE-2026-43360
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...
CVE-2026-43360
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...
CVE-2026-43359
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFSUUIDKEYRECEIVEDSUBVOL we have to abort the transaction since we did...
CVE-2026-43308
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG on unexpected delayed ref type in runonedelayedref There is no need to BUG, we can just return an error and log an error message...
UBUNTU-CVE-2026-43308
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG on unexpected delayed ref type in runonedelayedref There is no need to BUG, we can just return an error and log an error message...
CVE-2026-43299
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT when the fs flips RO inside btrfsrepairiofailure BUG There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO this part is expected, although the ENOSPC bug still needs to be...
CVE-2026-43299
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT when the fs flips RO inside btrfsrepairiofailure BUG There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO this part is expected, although the ENOSPC bug still needs to be...
PT-2026-39021
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs filesystem where creating multiple files with names that result in the same hash can lead to a transaction abort. This occurs because files with colliding...
CVE-2026-43118
A flaw was found in the Linux kernel's Btrfs filesystem. When a file is truncated to zero size and then a hardlink is created, a power failure followed by log replay can cause the file to incorrectly retain its original size instead of being zero. This data integrity issue may lead to unexpected...
CVE-2026-43117
In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfssyncfile If overlay is used on top of btrfs, dentry-dsb translates to overlay's super block and fsid assignment will lead to a crash. Use fileinodefile-isb to...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a race condition between rename operations and directory logging. There is a race condition between a rename operation and directory inode logging. If this race condition occurs, and the system crashes or loses power...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the issue of resolving backrefs for inline extents followed by prealloc extents. If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Protect folio::private when attaching an extent buffer for folios. BUG Since version 6.8, several people have reported rare kernel crashes. The common cause is incorrect page status error messages like this: BUG: Incorrect...