Impact
This vulnerability occurs in the Linux kernel's Btrfs filesystem when inserting an inline extent. On error paths such as failure to allocate a path or to join a transaction, the function __cow_file_range_inline() exits without releasing reserved quota-group (qgroup) data, resulting in a memory/resource leak. Repeated occurrences can gradually consume kernel memory or quota accounting structures, degrading system performance or causing service outages. The weakness is a classic memory/resource exhaustion scenario that can escalate to a denial-of-service state if the leak accumulates.
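The error-path pattern described above, shown as an added user-space C model (not kernel code and not taken from the advisory). All names are hypothetical, and releasing the reservation on the success path is a modelling assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: every name below is hypothetical, not a kernel symbol. */
struct qgroup_model { size_t data_rsv; };            /* bytes currently reserved */
enum fail_at { FAIL_NONE, FAIL_ALLOC_PATH, FAIL_JOIN_TRANS };

static void rsv_reserve(struct qgroup_model *q, size_t n) { q->data_rsv += n; }
static void rsv_release(struct qgroup_model *q, size_t n) { q->data_rsv -= n; }

/* Leaky shape: the two early error returns skip the release. */
static int insert_inline_leaky(struct qgroup_model *q, size_t len, enum fail_at f)
{
    if (f == FAIL_ALLOC_PATH)
        return -ENOMEM;          /* reservation still held */
    if (f == FAIL_JOIN_TRANS)
        return -EIO;             /* reservation still held */
    rsv_release(q, len);         /* only the success path releases */
    return 0;
}

/* Corrected shape: every exit funnels through one label that releases. */
static int insert_inline_fixed(struct qgroup_model *q, size_t len, enum fail_at f)
{
    int ret = 0;
    if (f == FAIL_ALLOC_PATH) { ret = -ENOMEM; goto out; }
    if (f == FAIL_JOIN_TRANS) { ret = -EIO; goto out; }
    /* the extent insertion itself is elided in this model */
out:
    rsv_release(q, len);
    return ret;
}

typedef int (*insert_fn)(struct qgroup_model *, size_t, enum fail_at);

/* Reserve + attempt `rounds` times, failing at `f`; return bytes left reserved. */
static size_t leaked_after(insert_fn fn, int rounds, size_t len, enum fail_at f)
{
    struct qgroup_model q = { 0 };
    for (int i = 0; i < rounds; i++) {
        rsv_reserve(&q, len);
        (void)fn(&q, len, f);
    }
    return q.data_rsv;
}

int main(void)
{
    printf("leaky: %zu bytes, fixed: %zu bytes\n",
           leaked_after(insert_inline_leaky, 1000, 4096, FAIL_JOIN_TRANS),
           leaked_after(insert_inline_fixed, 1000, 4096, FAIL_JOIN_TRANS));
    return 0;
}
```

The outstanding reservation grows linearly with the number of failed attempts in the leaky shape and stays at zero in the corrected one, which is the accumulation behaviour the advisory describes.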
Affected Systems
All Linux systems that use the affected Linux kernel implementation are potentially impacted. The Common Platform Enumeration points to the general Linux kernel family, with no specific vendor or version constraints indicated in the advisory. Consequently, any distribution or vendor that incorporates a kernel build containing the vulnerable Btrfs path is at risk until the fix is applied.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% reflects low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further suggesting no known widespread exploitation. Because the bug resides within kernel‑level filesystem handling, it requires local or privileged access to trigger the error paths that result in the memory leak. While the risk is not negligible, the practical exploitation window is limited, rendering the overall threat moderate.