Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found

If btrfs_search_slot_for_read() returns 1, it means we did not find any
key greater than or equal to the key we asked for, meaning we have
reached the end of the tree and therefore the path is not valid. If
this happens we need to break out of the loop and stop, instead of
continuing and accessing an invalid path.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A defect in the Linux kernel’s Btrfs file system triggers an invalid leaf access when the btrfs_quota_enable() function is called and a reference key cannot be found. The code fails to break out of the search loop at the end of the Btrfs tree, potentially dereferencing an out‑of‑bounds pointer. This can lead to a kernel crash and a loss of availability. The impact is inferred from the fact that the code continues after a missing key and the comment indicates a potential out‑of‑bounds access; the CVE data does not explicitly state a crash, but such behavior is a common consequence of this type of error.

Affected Systems

All Linux kernel builds that include the Btrfs file system and expose the btrfs_quota_enable logic without the recent patch are affected. The flaw exists in any distribution kernel until the commit that implements the described fix, which is incorporated into newer kernel releases.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, reflecting the risk of a kernel crash if the buggy path is exercised. The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating limited exploitation activity so far. Nonetheless, an attacker with sufficient privileges to modify Btrfs quotas or mount Btrfs volumes as read‑write could trigger the defect and cause a local denial‑of‑service via a kernel panic. The likely attack vector is local, requiring privileged access.

Generated by OpenCVE AI on June 17, 2026 at 00:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the fix for the btrfs_quota_enable bug
  • If an immediate upgrade is not possible, disable Btrfs quota features on affected volumes to prevent the faulty path from being executed
  • Ensure that only privileged users have permission to modify Btrfs quotas or to mount Btrfs filesystems as read‑write

Advisories
Source | ID | Title
Debian DLA | DLA-4606-1 | linux security update
History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10:rc7:*:*:*:*:*:*

Thu, 28 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-20

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-390
References
Metrics
  Values Removed: threat_severity: None
  Values Added: cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; threat_severity: Moderate

Wed, 27 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-20

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found If btrfs_search_slot_for_read() returns 1, it means we did not find any key greater than or equal to the key we asked for, meaning we have reached the end of the tree and therefore the path is not valid. If this happens we need to break out of the loop and stop, instead of continuing and accessing an invalid path.
Title btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:33.107Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45974

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-27T14:17:14.430

Modified: 2026-06-16T02:41:44.157

Link: CVE-2026-45974

Redhat

Severity: Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45974 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-17T00:30:15Z
