Impact
This vulnerability addresses a deadlock in the Linux kernel’s Btrfs filesystem that can arise when the filesystem is mounted with the flushoncommit option. During a reflink operation that copies an inline extent to an offset beyond the destination inode’s current size, the kernel can deadlock between a transaction commit and the resulting writeback. The deadlock manifests as tasks becoming permanently blocked, as shown by long‑running hung workers. The impact is a denial of service because the affected tasks cannot complete, potentially disrupting all processes that rely on the Btrfs instance.
Affected Systems
Any Linux kernel that ships a Btrfs implementation with the flushoncommit mount option enabled is potentially impacted. The issue exists in all kernel versions prior to the inclusion of the patch that fixes the lock ordering logic; no specific version list is supplied, so any distribution kernel must be checked for the presence of the fix. The problem is confined to the Btrfs filesystem; other filesystems are not affected.
Risk and Exploitability
The vulnerability provides a local denial‑of‑service. The CVSS score of 5.5 indicates a moderate severity level. An attacker with the ability to trigger a reflink operation on a Btrfs filesystem with flushoncommit enabled can induce the deadlock. Since the EPSS score is < 1% and the issue is not listed in the CISA KEV catalog, the exploitation probability is expected to be low, but the impact is significant for systems that rely heavily on Btrfs. Appropriate risk is Medium‑High if the mount option is used, otherwise Low.
OpenCVE Enrichment