Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: log new dentries when logging parent dir of a conflicting inode

If we log the parent directory of a conflicting inode, we are not logging
the new dentries of the directory, so when we finish we have the parent
directory's inode marked as logged but we did not log its new dentries.
As a consequence if the parent directory is explicitly fsynced later and
it does not have any new changes since we logged it, the fsync is a no-op
and after a power failure the new dentries are missing.

Example scenario:

$ mkdir foo

$ sync

$ rmdir foo

$ mkdir dir1
$ mkdir dir2

# A file with the same name and parent as the directory we just deleted
# and was persisted in a past transaction. So the deleted directory's
# inode is a conflicting inode of this new file's inode.
$ touch foo

$ ln foo dir2/link

# The fsync on dir2 will log the parent directory (".") because the
# conflicting inode (deleted directory) does not exist anymore, but it
# does not log its new dentries (dir1).
$ xfs_io -c "fsync" dir2

# This fsync on the parent directory is no-op, since the previous fsync
# logged it (but without logging its new dentries).
$ xfs_io -c "fsync" .

<power failure>

# After log replay dir1 is missing.

Fix this by ensuring we log new dir dentries whenever we log the parent
directory of a no longer existing conflicting inode.

A test case for fstests will follow soon.
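
The logged-state behaviour described above, as a small Python model added here for illustration; it is not btrfs code and does not come from the commit. The class `Dir`, its fields and `run_scenario` are hypothetical names, and the model tracks only dentry names in the parent directory (deletions are not replayed).

```python
# Simplified model (constructed, not kernel code) of the parent directory's
# fsync log state in the example scenario.

class Dir:
    def __init__(self):
        self.entries = set()    # current in-memory dentries
        self.committed = set()  # dentries persisted by the last transaction
        self.log = set()        # dentries written to the fsync log
        self.logged = False     # inode marked as logged, no changes since

    def add(self, name):
        self.entries.add(name)
        self.logged = False     # a new change invalidates the logged state

    def remove(self, name):
        self.entries.discard(name)
        self.logged = False

    def commit(self):           # models `sync`
        self.committed = set(self.entries)
        self.log.clear()
        self.logged = False

    def log_as_conflict_parent(self, log_new_dentries):
        # Parent of a no longer existing conflicting inode gets logged.
        if log_new_dentries:    # behaviour after the fix
            self.log |= self.entries - self.committed
        self.logged = True      # marked as logged in both variants

    def fsync(self):
        if self.logged:
            return False        # no-op: already logged, nothing changed
        self.log |= self.entries - self.committed
        self.logged = True
        return True

    def replay(self):           # names present after power failure + replay
        return self.committed | self.log

def run_scenario(fixed):
    root = Dir()
    root.add("foo"); root.commit()          # mkdir foo; sync
    root.remove("foo")                      # rmdir foo
    root.add("dir1"); root.add("dir2")      # mkdir dir1; mkdir dir2
    root.add("foo")                         # touch foo (conflicts with old dir)
    root.log |= {"dir2", "foo"}             # fsync dir2 logs dir2 and linked foo
    root.log_as_conflict_parent(log_new_dentries=fixed)
    was_noop = not root.fsync()             # explicit fsync on "."
    return was_noop, root.replay()
```

In both variants the second fsync is a no-op; only with `fixed=True` does the replayed directory contain `dir1`.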
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the btrfs filesystem, the kernel fails to log new directory entries when it logs the parent directory of a conflicting inode. If the parent directory is later fsynced, the filesystem records it as up‑to‑date without recording those new entries. After a power failure, the log replay restores the filesystem but the missing entries are never recreated, leading to disappearance of directories or files and resulting in data loss or corruption. This defect relates to CWE‑821; the NVD also lists it as NVD‑CWE‑noinfo, which indicates a lack of specific CWE mapping beyond the primary CWE‑821 for improper control over resource processing order. While the vulnerability does not provide remote code execution, it can be triggered by a local or privileged user who creates new files or directories, then performs an explicit fsync on a parent directory, and subsequently forces a power failure. The lack of an active exploit record and absence from CISA’s KEV list suggest current exploitation is limited but the risk remains moderate.

Affected Systems

Linux kernel implementations that use the btrfs filesystem are affected. The vulnerability applies to any distribution shipping a kernel that contains the buggy btrfs code. No specific kernel versions are listed, so all current kernels that have not yet received the patch may be vulnerable.

Risk and Exploitability

The medium CVSS score of 5.5, the EPSS score of <1 % indicating a very low exploitation probability, and the lack of inclusion in the CISA KEV catalog together suggest that exploitation is unlikely. The risk is limited to local or privileged users who can create new entries, fsync parent directories, and force a power failure. No public exploits are known, but the potential for permanent data loss persists, warranting timely remediation.

Generated by OpenCVE AI on May 20, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the btrfs logging fix
  • If an immediate kernel update is unavailable, avoid performing explicit fsync on directories that contain newly created entries until the kernel is patched
  • Back up critical data regularly to recover from possible inode loss
  • Monitor vendor release notes for updates addressing the btrfs logging issue

Advisories
Source | ID | Title
Debian DSA | DSA-6238-1 | linux security update
History

Wed, 20 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Sat, 04 Apr 2026 01:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-821
References | |
Metrics | threat_severity: None | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
 | | threat_severity: Low


Fri, 03 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
Title | | btrfs: log new dentries when logging parent dir of a conflicting inode
First Time appeared | | Linux
 | | Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux
 | | Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:07:30.919Z

Reserved: 2026-01-13T15:37:46.021Z

Link: CVE-2026-23465

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-03T16:16:33.850

Modified: 2026-05-20T15:17:02.353

Link: CVE-2026-23465

Redhat

Severity: Low

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23465 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-20T17:00:14Z

Weaknesses