Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: send: check for inline extents in range_is_hole_in_parent()

Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent.
This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if this inline extent item is the first item in the leaf or access metadata from other items.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The Linux kernel’s Btrfs send code incorrectly accesses the disk_bytenr field of a file extent without verifying that the extent is not inline. When the extent is inline, this read accesses inline data, and if that inline data is less than eight bytes, it can trigger an invalid memory access. An attacker could exploit this flaw to cause a kernel panic or other instability, leading to service disruption. The vulnerability does not appear to provide a remote code execution path, but it can be used to crash the system.
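The layout issue described above, as an added userspace C model (not kernel code and not the upstream patch): the struct mirrors the btrfs on-disk file extent item, while `unchecked_overrun`, `read_disk_bytenr` and `make_inline_item` are hypothetical helpers and the sample item is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Extent type values from the btrfs on-disk format. */
enum { FILE_EXTENT_INLINE = 0, FILE_EXTENT_REG = 1 };
/* Userspace model of the on-disk file extent item (packed). */
struct __attribute__((packed)) file_extent_item {
    uint64_t generation, ram_bytes;
    uint8_t  compression, encryption;
    uint16_t other_encoding;
    uint8_t  type;
    uint64_t disk_bytenr;  /* inline extents: file data starts here */
    uint64_t disk_num_bytes, offset, num_bytes;
};
#define INLINE_DATA_START offsetof(struct file_extent_item, disk_bytenr)

/* Bytes an unchecked 8-byte disk_bytenr read would run past the item. */
size_t unchecked_overrun(size_t item_size) {
    size_t end = INLINE_DATA_START + sizeof(uint64_t);
    return end > item_size ? end - item_size : 0;
}

/* Checked read: 0 on success, -1 if the item is inline or truncated. */
int read_disk_bytenr(const uint8_t *item, size_t item_size, uint64_t *out) {
    if (item_size < INLINE_DATA_START) return -1;
    if (item[offsetof(struct file_extent_item, type)] == FILE_EXTENT_INLINE)
        return -1;  /* bytes at this offset are file data, not an address */
    if (item_size < sizeof(struct file_extent_item)) return -1;
    memcpy(out, item + INLINE_DATA_START, sizeof(*out));
    return 0;
}

/* Constructed sample: inline extent with 3 bytes of data; returns item size. */
size_t make_inline_item(uint8_t *buf) {
    struct file_extent_item h = {0};
    h.ram_bytes = 3; h.type = FILE_EXTENT_INLINE;
    memcpy(buf, &h, INLINE_DATA_START);
    memcpy(buf + INLINE_DATA_START, "abc", 3);
    return INLINE_DATA_START + 3;
}

int main(void) {
    uint8_t buf[64]; uint64_t v = 0;
    size_t n = make_inline_item(buf);
    printf("item=%zu overrun=%zu checked=%d\n", n, unchecked_overrun(n),
           read_disk_bytenr(buf, n, &v));
    return 0;
}
```

For the 3-byte inline item, an 8-byte read at the `disk_bytenr` offset would extend past the end of the item, which is the case the description ties to touching neighbouring item data or memory outside the leaf.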

Affected Systems

All Linux kernel builds were potentially impacted prior to the patch, including the 6.19 release candidates (rc1 through rc5). Any distribution kernel that has not been updated to the fixed commit is susceptible.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% shows a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need local access to the system, as the flaw resides in kernel‑space Btrfs send handling. Overall risk is considered moderate.

Generated by OpenCVE AI on April 16, 2026 at 17:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the Btrfs send fix deployed after the referenced commit.
  • Restrict or disable the Btrfs send feature on systems that handle untrusted data until the kernel update is applied.
  • Reboot the system following the kernel upgrade or configuration change to ensure the patch takes effect.
  • Monitor kernel logs for OOPS or panic messages related to Btrfs send processing to detect any residual impact.


Advisories

No advisories yet.

History

Wed, 25 Mar 2026 10:45:00 +0000


Tue, 17 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Sat, 14 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if this inline extent item is the first item in the leaf or access metadata from other items.
Title btrfs: send: check for inline extents in range_is_hole_in_parent()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-03-25T10:20:25.118Z

Reserved: 2026-01-13T15:37:45.973Z

Link: CVE-2026-23141

Vulnrichment

No data.

NVD

Status: Modified

Published: 2026-02-14T16:15:54.163

Modified: 2026-03-25T11:16:19.240

Link: CVE-2026-23141

Red Hat

Severity: Low

Public Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23141 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T17:15:17Z

Weaknesses