CVE-2025-71269 in Linux

Summary

by MITRE • 03/18/2026

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not free data reservation in fallback from inline due to -ENOSPC

If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret is <= 0).

Analysis

by VulDB Data Team • 05/21/2026

The vulnerability identified as CVE-2025-71269 resides within the Linux kernel's btrfs filesystem implementation, specifically addressing a critical flaw in how data reservations are handled during extent creation operations. This issue manifests when the system attempts to create inline extents but encounters insufficient space conditions that trigger a fallback mechanism to the standard copy-on-write path. The flaw represents a fundamental mismanagement of qgroup data reservation resources that can lead to resource exhaustion and potential system instability.

The technical root cause stems from improper resource cleanup logic within the btrfs filesystem driver where qgroup data reservations are consistently freed regardless of whether the operation successfully transitions to the fallback COW path. When the inline extent creation fails due to -ENOSPC (insufficient space) error, the system correctly attempts to fall back to the normal COW mechanism by reserving extents and creating ordered extents. However, the existing code structure incorrectly frees the previously reserved qgroup data even when this reservation should be retained for the actual data usage that occurs during the fallback process.

This improper resource management creates a scenario where qgroup accounting becomes inconsistent, potentially leading to incorrect space calculations and resource allocation errors within the btrfs filesystem. The fix implemented addresses this by modifying the conditional logic in __cow_file_range_inline() to only free the reserved qgroup data when the operation is not performing a fallback, ensuring that reservations are properly maintained when transitioning to the standard COW path for actual data creation. The vulnerability aligns with CWE-459, which describes incomplete cleanup issues, and can be categorized under ATT&CK technique T1490 for data destruction through resource exhaustion.
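The conditional described above, as an added example: a simplified user-space C model, not the kernel's code and not part of the original advisory. All type and function names are hypothetical, and the model assumes the reservation equals the write length.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified user-space model. All names are hypothetical, not kernel code. */
struct model_inode {
    long qgroup_data_rsv;              /* qgroup data bytes currently reserved */
};

enum inline_result { INLINE_OK, INLINE_ENOSPC, INLINE_EIO };

/* Models the end of the inline attempt. Returns 0 if the inline extent was
 * created, 1 if the caller must fall back to COW, <0 on a hard error. */
static int model_cow_inline(struct model_inode *in, long len,
                            enum inline_result r, int patched)
{
    int ret = 0;

    if (r == INLINE_ENOSPC)
        ret = 1;                       /* -ENOSPC turns into the COW fallback */
    else if (r == INLINE_EIO)
        ret = -EIO;

    /* Unpatched: reservation always released. Patched: only if ret <= 0. */
    if (!patched || ret <= 0)
        in->qgroup_data_rsv -= len;
    return ret;
}

/* Reserves len bytes, runs the inline attempt and returns the accounting
 * error in bytes: reserved bytes missing for the data the fallback writes,
 * or bytes left reserved when no fallback happens. 0 means consistent. */
static long model_write_error(long len, enum inline_result r, int patched)
{
    struct model_inode in = { .qgroup_data_rsv = len };

    if (model_cow_inline(&in, len, r, patched) > 0)
        return len - in.qgroup_data_rsv;
    return in.qgroup_data_rsv;
}

int main(void)
{
    const long len = 2048;             /* constructed sample write size */

    printf("ENOSPC unpatched: %ld\n", model_write_error(len, INLINE_ENOSPC, 0));
    printf("ENOSPC patched:   %ld\n", model_write_error(len, INLINE_ENOSPC, 1));
    printf("inline ok:        %ld\n", model_write_error(len, INLINE_OK, 1));
    printf("hard error:       %ld\n", model_write_error(len, INLINE_EIO, 1));
    return 0;
}
```

Only the unpatched -ENOSPC case reports a non-zero error: the fallback writes data whose reservation has already been released.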

The operational impact of this vulnerability extends beyond simple resource management concerns to potentially compromise filesystem integrity and system stability. When the fallback mechanism is triggered during high-pressure storage conditions, the incorrect handling of qgroup reservations can cause cascading failures in filesystem operations, leading to potential data loss or system crashes. This issue particularly affects systems running btrfs filesystems under heavy I/O loads where inline extent creation frequently fails due to space constraints, making the fallback mechanism more likely to be invoked. The fix ensures proper resource lifecycle management and maintains the consistency of qgroup accounting throughout the filesystem's operation, preventing potential denial of service conditions and maintaining the reliability of btrfs storage operations.

Mitigation strategies should focus on applying the kernel patch that corrects the conditional logic for qgroup data reservation handling. System administrators should prioritize updating their Linux kernel versions to include this fix, particularly in production environments running btrfs filesystems where storage pressure scenarios are common. Monitoring for filesystem space exhaustion conditions and implementing proper storage management practices can help reduce the likelihood of triggering this specific code path, though the patch remains essential for complete protection against potential resource management issues.

Responsible: Linux

Reservation: 03/17/2026

Disclosure: 03/18/2026

Moderation: accepted

CPE: ready

EPSS: 0.00025

KEV: no

Activities: very low
