CVE-2026-23423
Use-After-Free Memory Leak in Linux Kernel btrfs_uring_read_extent
Publication date: 2026-04-03
Last updated on: 2026-04-23
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13.1 (inc) to 6.18.17 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's btrfs filesystem code, specifically in the function btrfs_uring_read_extent(). The issue is that a 'pages' object allocated during this function is not properly freed in error cases. The code assumes that the 'pages' object will be freed later by another function (btrfs_uring_read_finished()), but this only happens in the normal (happy) path. If an error occurs during allocation or reading, the cleanup code frees all other allocated memory but neglects to free the 'pages' object, leading to a potential memory leak.
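The ownership mistake described above, as an added userspace model in C (not the kernel's code and not the upstream patch): `read_extent`, `read_finished`, `track_alloc`, `leaked_after` and the `fixed` flag are hypothetical names, and the completion handler is called inline where the real read completes asynchronously.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;   /* outstanding tracked allocations */
static void *last_pages;  /* lets the harness reclaim a leaked buffer */
static void *track_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { free(p); live_allocs--; } }
struct read_ctx { void **pages; };

/* Completion handler: the only place that frees pages on the success path. */
static void read_finished(struct read_ctx *ctx)
{
    track_free(ctx->pages);
    track_free(ctx);
}

/* submit_fails models an error after allocation; fixed selects the corrected cleanup. */
static int read_extent(size_t nr_pages, int submit_fails, int fixed)
{
    void **pages = NULL;
    struct read_ctx *ctx = track_alloc(sizeof(*ctx));
    if (!ctx) goto out_fail;
    pages = last_pages = track_alloc(nr_pages * sizeof(*pages));
    if (!pages || submit_fails) goto out_fail;
    ctx->pages = pages;
    read_finished(ctx);          /* never reached on the error path */
    return 0;
out_fail:
    track_free(ctx);             /* the error path releases everything else ... */
    if (fixed) track_free(pages); /* ... and must release pages: nobody else will */
    return -1;
}

/* Returns how many tracked allocations are still live after one call. */
static int leaked_after(int submit_fails, int fixed)
{
    live_allocs = 0;
    read_extent(4, submit_fails, fixed);
    int leaked = live_allocs;
    if (leaked) track_free(last_pages); /* harness-only reclaim of the leaked buffer */
    return leaked;
}

int main(void)
{
    printf("success=%d error_unfixed=%d error_fixed=%d\n",
           leaked_after(0, 0), leaked_after(1, 0), leaked_after(1, 1));
    return 0;
}
```

Each failed call with the original cleanup leaves one buffer behind, which is why repeated triggering of the error path grows memory use.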
How can this vulnerability impact me?
The primary impact of this vulnerability is a memory leak in the Linux kernel's btrfs filesystem code. Over time, repeated triggering of this error path could cause increased memory usage, potentially leading to system instability or degraded performance due to exhaustion of available memory.