SB2026040663 - Always-Incorrect Control Flow Implementation in Linux kernel btrfs
Published: April 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2026-23465)
The vulnerability allows a local user to cause data loss.
The vulnerability exists due to improper handling of directory entry logging in btrfs directory logging when logging the parent directory of a conflicting inode during fsync and log replay conditions. A local user can create and remove directories and files and trigger fsync operations to cause data loss.
After a power failure and log replay, newly created directory entries may be missing because the parent directory can be marked as logged without its new dentries being recorded.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1cf30c73602c69d750c9345c47f2c0e9d0cfb578
- https://git.kernel.org/stable/c/56e72c8b02d982be775d9df025357c152383ee84
- https://git.kernel.org/stable/c/6f5a51969b1deb79aefd2194b48fe7e78e72ff7e
- https://git.kernel.org/stable/c/9573a365ff9ff45da9222d3fe63695ce562beb24
- https://git.kernel.org/stable/c/f556b1e09d054e31f464c0fd37280c2b5a393fee