CVE-2026-43117
Btrfs Sync File Use-After-Free via OverlayFS
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's btrfs filesystem tracepoints. Specifically, when an overlay filesystem is used on top of btrfs, the code incorrectly retrieves the superblock from a dentry structure. Instead of getting the btrfs superblock, it gets the overlay's superblock, which causes incorrect fsid assignment and can lead to a system crash.
The fix involves changing the code to use file_inode(file)->i_sb to always get the correct btrfs superblock.
How can this vulnerability impact me? :
This vulnerability can cause a system crash when using an overlay filesystem on top of btrfs due to incorrect superblock handling. Such crashes can lead to system instability, potential data loss, and downtime.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by correcting the way the superblock is retrieved in the btrfs tracepoints, specifically by using file_inode(file)->i_sb to always get the correct btrfs superblock.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.