CVE-2026-23423 in Kernelinfo

Summary

In the Linux kernel, the following vulnerability has been resolved:

btrfs: free pages on error in btrfs_uring_read_extent()

In this function the 'pages' object is never freed in the hopes that it is
picked up by btrfs_uring_read_finished() whenever that executes in the
future. But that's just the happy path. Along the way previous
allocations might have gone wrong, or we might not get -EIOCBQUEUED from
btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a
cleanup section that frees all memory allocated by this function without
assuming any deferred execution, and this also needs to happen for the
'pages' allocation.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

Linux

Reservation

01/13/2026

Disclosure

04/03/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
355096	Linux Kernel btrfs btrfs_uring_read_extent allocation of resources	770	Not defined	Official fix	CVE-2026-23423

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!