SB2026050937 - Improper Check or Handling of Exceptional Conditions in Linux kernel btrfs
Published: May 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2026-43360)
CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of name hash collisions in btrfs directory item insertion when creating files with colliding names. A local user can create multiple specially crafted filenames with the same hash to cause a denial of service.
Successful exploitation aborts the transaction and remounts the filesystem read-only.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0625e564290450c1921b115fc3d9abef74e055bd
- https://git.kernel.org/stable/c/2d1ababdedd4ba38867c2500eb7f95af5ddeeef7
- https://git.kernel.org/stable/c/36947b5200b89bbe3a63629c12d4b31c84c0af9f
- https://git.kernel.org/stable/c/5e2ea10b800d1bbb95e0c01a83f4f8119ac5d688
- https://git.kernel.org/stable/c/64ad49597d14c495ab8b7933bfefc83936a598e4
- https://git.kernel.org/stable/c/9273175bf16c83f3ec93aa242d78c9b5db452d4d