Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()

If overlay is used on top of btrfs, dentry->d_sb translates to overlay's
super block and fsid assignment will lead to a crash.

Use file_inode(file)->i_sb to always get btrfs_sb.
Published: 2026-05-06
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, the bug occurs in the Linux kernel’s btrfs filesystem when overlayfs is mounted above a btrfs volume. The kernel incorrectly uses dentry->d_sb instead of the file inode’s superblock during btrfs_sync_file(); this mismatch causes the fsid assignment to fail, which in turn triggers a kernel panic. The result is a local denial‑of‑service – the system hangs or restarts, terminating user processes and potentially losing data.

Affected Systems

Any Linux kernel that contains the unpatched btrfs_sync_file() implementation is affected. In particular, systems that run a kernel capable of overlayfs on a btrfs filesystem, with overlayfs enabled over that volume, are vulnerable. No exact kernel versions are listed in the CVE record; therefore any installation older than the patch that includes the buggy logic remains at risk. The vendor is the Linux kernel project.

Risk and Exploitability

The CVSS score of 9.1 indicates critical severity, but the EPSS score of < 1% indicates a very low probability of exploitation. The flaw is not listed in CISA’s KEV catalog, suggesting no confirmed or widespread exploitation. The likely attack vector is local access: a user who can write or modify a file on the overlaid btrfs volume can invoke btrfs_sync_file() and trigger the crash. Although the impact is limited to denial of service, the kernel panic is disruptive enough to warrant prompt patching.

Generated by OpenCVE AI on May 8, 2026 at 23:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to the patched version that corrects btrfs_sync_file() superblock handling.
  • If overlayfs over btrfs is unnecessary, unmount or disable overlayfs to remove the vulnerability.
  • In environments where a kernel update cannot be applied immediately, apply a temporary kernel source patch that replaces dentry->d_sb with file_inode(file)->i_sb in the fsid assignment.
  • Implement monitoring for kernel panics and set up alerts so administrators can respond quickly.



Advisories

No advisories yet.

History

Fri, 08 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Fri, 08 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}


Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash. Use file_inode(file)->i_sb to always get btrfs_sb.
Title btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:18:05.180Z

Reserved: 2026-05-01T14:12:55.987Z

Link: CVE-2026-43117

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T10:16:25.513

Modified: 2026-05-08T17:43:39.250

Link: CVE-2026-43117

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43117 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T23:45:20Z

Weaknesses