CVE-2025-71269
Analyzed Analyzed - Analysis Complete
Incorrect Data Reservation Freeing in Linux btrfs Causes Data Corruption

Publication date: 2026-03-18

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret is <= 0).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-05-21
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71269
EUVD
EUVD-2025-208842
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.10 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 4.4 (inc) to 6.1.168 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Improperly freeing reserved qgroup data in the btrfs filesystem could lead to inconsistencies in data reservation accounting. This might cause unexpected behavior in disk space management, potentially leading to data corruption or loss of data integrity when the fallback path is used after an inline extent creation failure.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability exists in the Linux kernel's btrfs filesystem. When the system fails to create an inline extent due to a lack of space (-ENOSPC), it falls back to a normal copy-on-write (COW) path which involves reserving an extent and creating an ordered extent. However, the reserved quota group (qgroup) data was always being freed incorrectly, even though it was still needed. The fix ensures that the reserved qgroup data is only freed if the fallback does not occur, preventing improper freeing of data reservation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71269. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart