Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()

There is no need to BUG(), we can just return an error and log an error
message.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The btrfs filesystem module contained a bug where an unexpected delayed reference type reaching run_one_delayed_ref() caused the BUG() macro to be executed, immediately triggering a kernel panic. This crash path halts the entire system, a classic denial of service whenever the error is surfaced. The flaw is an improper handling of unexpected input that escalated to a fatal kernel fault, a vulnerability that falls under CWE-617: Improper Input Validation.

Affected Systems

All Linux kernel releases that include the btrfs module and do not contain the commit 5549743e11c06da23cfa7712a994b9f1e69064c6 or later are affected. This includes typical distribution kernels that have not been updated to the most recent release in the current maintenance cycle. Users should check the kernel version or the presence of the commit hash to determine exposure.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is not available, making it difficult to gauge exploit probability. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed exploitation in the wild. The likely attack vector is local, requiring the ability to manipulate btrfs metadata or trigger an unexpected delayed reference type. If those conditions are met, an attacker could force a system crash, halting all processes until a reboot.

Generated by OpenCVE AI on May 9, 2026 at 05:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel update that contains the btrfs commit 5549743e11c06da23cfa7712a994b9f1e69064c6, which replaces the BUG() path with error handling and logging.
  • Restrict or sandbox untrusted processes from mounting or modifying btrfs filesystems, for example by enforcing strict mount privileges or using security policies such as SELinux or AppArmor.
  • If an immediate kernel upgrade is not possible, consider unmounting the affected btrfs filesystem or disabling it entirely until the fix is available to prevent the crash trigger.



Advisories

No advisories yet.

History

Sat, 09 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-736
CWE-749

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 08 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-736
CWE-749

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message.
Title btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-09T04:10:21.987Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43308

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T14:16:38.137

Modified: 2026-05-08T14:16:38.137

Link: CVE-2026-43308

Redhat

Severity: Low

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43308 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T05:45:26Z

Weaknesses