CVE-2026-23465
Directory Entry Logging Flaw in Linux btrfs Causes Data Loss
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's btrfs filesystem. When logging the parent directory of a conflicting inode, the system fails to log the new directory entries (dentries) of that parent directory. As a result, the parent directory's inode is marked as logged, but its new dentries are not.
This causes a problem during fsync operations: if the parent directory is explicitly fsynced later and has no new changes since it was logged, the fsync becomes a no-op. After a power failure, this leads to the new dentries being missing from the filesystem.
An example scenario involves creating and deleting directories and files with conflicting inodes, where after a power failure, some directories (like 'dir1' in the example) disappear because their dentries were never properly logged.
The fix ensures that whenever the parent directory of a no longer existing conflicting inode is logged, its new dentries are also logged to prevent data loss.
How can this vulnerability impact me? :
This vulnerability can lead to data loss in the filesystem after a power failure. Specifically, new directory entries that were not properly logged may be missing when the system recovers, causing files or directories to disappear unexpectedly.
Such data loss can affect system stability, data integrity, and reliability, potentially disrupting applications or services relying on the affected filesystem.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to the Linux kernel's btrfs filesystem and involves missing logging of new dentries when logging the parent directory of a conflicting inode. Detection involves observing filesystem behavior related to directory fsync operations and potential data loss after power failures.
An example scenario to detect the issue involves creating and deleting directories and files with conflicting inodes, then performing fsync operations and checking for missing directories after a simulated power failure.
- mkdir foo
- sync
- rmdir foo
- mkdir dir1
- mkdir dir2
- touch foo
- ln foo dir2/link
- xfs_io -c "fsync" dir2
- xfs_io -c "fsync" .
After these commands, a power failure simulation and subsequent log replay may reveal missing directories (e.g., dir1), indicating the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by ensuring that new directory dentries are logged whenever the parent directory of a no longer existing conflicting inode is logged.
Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.
Until the update is applied, be cautious with filesystem operations involving directory deletions and recreations that may trigger this issue, and ensure regular backups to prevent data loss after power failures.