CVE-2026-23141 in Linuxinfo

Summary

by MITRE • 02/14/2026

In the Linux kernel, the following vulnerability has been resolved:

btrfs: send: check for inline extents in range_is_hole_in_parent()

Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if this inline extent item is the first item in the leaf or access metadata from other items.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/18/2026

The vulnerability identified as CVE-2026-23141 represents a critical memory access issue within the Linux kernel's Btrfs file system implementation. This flaw exists in the btrfs send functionality where the kernel fails to properly validate the type of file extent items before accessing their disk_bytenr field. The vulnerability stems from a lack of proper inline extent checking in the range_is_hole_in_parent() function, which creates a dangerous condition where the kernel attempts to access memory locations that may contain inline data rather than actual disk block references. This type of vulnerability falls under the CWE-125 vulnerability category, which encompasses out-of-bounds read conditions that can lead to information disclosure or system instability. The issue specifically affects the Btrfs file system's ability to properly handle inline data structures during send operations, where the kernel's assumptions about data layout become invalid.

The technical flaw manifests when the kernel processes file extent items that are marked as inline extents within the Btrfs file system. In Btrfs, inline extents store file data directly within the extent item structure itself rather than referencing external disk blocks. When the range_is_hole_in_parent() function attempts to access the disk_bytenr field without first checking if the extent is inline, it treats inline data as if it were a disk block reference. This creates a scenario where the kernel may attempt to read memory locations that contain actual file data rather than disk block addresses, potentially leading to invalid memory access patterns. The vulnerability is particularly dangerous when the inline extent item is positioned at the beginning of a leaf node, as this can cause the kernel to read past the intended data structure boundaries. This behavior aligns with ATT&CK technique T1059.001, which involves executing malicious code through kernel-level vulnerabilities, and represents a classic example of improper input validation that can lead to arbitrary code execution or system crashes.

The operational impact of this vulnerability extends beyond simple system instability to potentially enable privilege escalation and data corruption within Btrfs file systems. When exploited, this vulnerability can cause kernel panics, system crashes, or more insidiously, allow attackers to read arbitrary memory locations or manipulate file system metadata. The vulnerability affects systems running Linux kernels with Btrfs file systems that utilize the send functionality, which is commonly used for backup operations, replication, and incremental file system synchronization. Attackers could potentially leverage this vulnerability to gain unauthorized access to file system metadata, leading to data leakage or complete system compromise. The memory access violations could also result in denial of service conditions that would prevent legitimate system operations. This vulnerability directly impacts the integrity and availability of Btrfs file systems, particularly in enterprise environments where Btrfs is used for critical data storage and backup operations. The risk is amplified because the vulnerability occurs during normal file system operations and may not be immediately apparent to system administrators, making it a stealthy threat that could go undetected for extended periods. Organizations using Btrfs file systems should prioritize patching this vulnerability to prevent potential exploitation that could lead to complete system compromise.

Responsible

Linux

Reservation

01/13/2026

Disclosure

02/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00123

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!