SB20260320107 - Improper Resource Shutdown or Release in Linux kernel btrfs
Published: March 20, 2026
Security Bulletin ID
SB20260320107
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Resource Shutdown or Release (CVE-ID: CVE-2025-71268)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a resource management error in the Btrfs filesystem component when handling qgroup data during inline extent insertion. A local user can trigger a reservation leak in error paths to cause a denial of service.
The vulnerability specifically occurs if allocation of a path or transaction join fails, leading to unfreed qgroup reservations. This results in gradual resource exhaustion over time.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/28768bd3abf9995a93f6e01bfce01c60622964dd
- https://git.kernel.org/stable/c/28b97fcbbf523779688e8de5fe55bf2dae3859f6
- https://git.kernel.org/stable/c/c1c050f92d8f6aac4e17f7f2230160794fceef0c
- https://git.kernel.org/stable/c/f3ee1732851aec6fe6b2cec2ef1b32d4e71d9913
- https://git.kernel.org/stable/c/f7156512c8166d385f574b9ec030479aa7b1e8c9