CVE-2026-23147 in Linux
Summary
by MITRE • 02/14/2026
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zlib: fix the folio leak on S390 hardware acceleration
[BUG]
After commit aa60fe12b4f4 ("btrfs: zlib: refactor S390x HW acceleration buffer preparation"), we no longer release the folio of the page cache of folio returned by btrfs_compress_filemap_get_folio() for S390 hardware acceleration path.
[CAUSE]
Before that commit, we call kumap_local() and folio_put() after handling each folio.
Although the timing is not ideal (it release previous folio at the beginning of the loop, and rely on some extra cleanup out of the loop), it at least handles the folio release correctly.
Meanwhile the refactored code is easier to read, it lacks the call to release the filemap folio.
[FIX]
Add the missing folio_put() for copy_data_into_buffer().
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 03/18/2026
The vulnerability CVE-2026-23147 represents a memory management issue within the Linux kernel's btrfs filesystem implementation, specifically affecting systems utilizing S390 hardware acceleration for zlib compression operations. This flaw manifests as a folio leak that occurs during the compression process when the kernel attempts to utilize hardware acceleration features on IBM System/390 architecture platforms. The issue emerged following a code refactoring commit that altered how buffer preparation occurs for S390 hardware acceleration paths, creating a regression in memory resource management that was previously handled correctly in earlier implementations.
The technical root cause of this vulnerability stems from a missing memory cleanup operation within the btrfs compression subsystem. Prior to the problematic commit aa60fe12b4f4, the codebase properly managed folio resources by invoking kumap_local() followed by folio_put() for each processed folio, ensuring proper release of filemap folios. However, the refactored code simplified the implementation for better readability while inadvertently omitting the crucial folio_put() call that was necessary for releasing the folio returned by btrfs_compress_filemap_get_folio() during S390 hardware acceleration operations. This regression means that when the compression process handles multiple folios, each subsequent folio becomes leaked from the page cache, creating a gradual memory consumption issue that can escalate over time.
The operational impact of this vulnerability extends beyond simple memory consumption concerns, as it represents a classic memory leak pattern that can lead to progressive system degradation and potential denial of service conditions. When systems with active btrfs filesystems perform compression operations using S390 hardware acceleration, each compression cycle results in a folio leak that accumulates over time, potentially leading to memory exhaustion and system instability. The vulnerability affects systems running Linux kernels that implement btrfs filesystem with zlib compression and S390 hardware acceleration, making it particularly relevant for enterprise environments utilizing IBM mainframe systems or virtualized environments that leverage S390 architecture features.
This vulnerability aligns with CWE-401: "Improper Release of Memory Before Removing Last Reference" and demonstrates the critical importance of proper resource management in kernel space operations where memory leaks can have cascading effects on system stability. From an attack perspective, while this vulnerability does not directly enable privilege escalation or remote code execution, it creates conditions that could be exploited in combination with other weaknesses to achieve denial of service or resource exhaustion attacks. The fix implemented addresses the issue by reintroducing the missing folio_put() call in the copy_data_into_buffer() function, restoring proper memory management and preventing the accumulation of unreleased folios during compression operations.
The mitigation strategy for this vulnerability involves applying the kernel patch that reintroduces the missing folio_put() call, ensuring that all folios returned by btrfs_compress_filemap_get_folio() are properly released during S390 hardware acceleration compression operations. System administrators should prioritize updating their kernel versions to include this fix, particularly in environments where btrfs filesystems with zlib compression and S390 hardware acceleration are actively utilized. Additionally, monitoring memory consumption patterns in affected systems can help identify potential impacts from this vulnerability before the patch is applied, while implementing proper resource management practices ensures that similar issues do not occur in future kernel modifications. The fix demonstrates the importance of thorough regression testing during code refactoring, especially in kernel subsystems where resource management directly impacts system stability and performance.