Home

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it is picked up by btrfs_uring_read_finished() whenever that executes in the future. But that's just the happy path. Along the way previous allocations might have gone wrong, or we might not get -EIOCBQUEUED from btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a cleanup section that frees all memory allocated by this function without assuming any deferred execution, and this also needs to happen for the 'pages' allocation.

PUBLISHED Reserved 2026-01-13 | Published 2026-04-03 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

34310c442e175f286b4c06ab5caa4e0b267ea31c (git) before d4f210de01eaccac61eee657f676045ef9771d07
affected

34310c442e175f286b4c06ab5caa4e0b267ea31c (git) before 628895890b0c9ac9129129e89455da7db95ba343
affected

34310c442e175f286b4c06ab5caa4e0b267ea31c (git) before 3f501412f2079ca14bf68a18d80a2b7a823f1f64
affected

Default status
affected

6.13
affected

Any version before 6.13
unaffected

6.18.17 (semver)
unaffected

6.19.7 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/d4f210de01eaccac61eee657f676045ef9771d07

git.kernel.org/...c/628895890b0c9ac9129129e89455da7db95ba343

git.kernel.org/...c/3f501412f2079ca14bf68a18d80a2b7a823f1f64

cve.org (CVE-2026-23423)

nvd.nist.gov (CVE-2026-23423)

Download JSON