Main Vulnerability Database Vulnerabilities #VU124200

#VU124200 Resource exhaustion in Linux kernel - CVE-2025-71269

Published: March 20, 2026

Vulnerability identifier: #VU124200

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-71269

CWE-ID: CWE-400

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource management in the btrfs filesystem's qgroup data reservation handling when processing file writes that trigger a fallback from inline extent creation. A local user can perform file operations that cause an ENOSPC condition during inline extent creation, leading to incorrect release of qgroup data reservations while still proceeding with the normal COW path, resulting in unbalanced quota accounting and potential denial of service.

The attacker must have the ability to write to a btrfs filesystem and trigger space allocation under conditions of low available space; this typically requires low-privileged local access but does not require administrative privileges beyond standard user write permissions.

Remediation

Install security update from vendor's repository.

#VU124200 Resource exhaustion in Linux kernel - CVE-2025-71269

Description

Remediation

External links

Please verify you're human