Main Vulnerability Database Vulnerabilities #VU124200

Resource exhaustion in Linux kernel - CVE-2025-71269

Published: March 20, 2026

Vulnerability identifier: #VU124200

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-71269

CWE-ID: CWE-400

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource management in the btrfs filesystem's qgroup data reservation handling when processing file writes that trigger a fallback from inline extent creation. A local user can perform file operations that cause an ENOSPC condition during inline extent creation, leading to incorrect release of qgroup data reservations while still proceeding with the normal COW path, resulting in unbalanced quota accounting and potential denial of service.

The attacker must have the ability to write to a btrfs filesystem and trigger space allocation under conditions of low available space; this typically requires low-privileged local access but does not require administrative privileges beyond standard user write permissions.

How to mitigate CVE-2025-71269

Install security update from vendor's repository.

Resource exhaustion in Linux kernel - CVE-2025-71269

Detailed vulnerability description

How to mitigate CVE-2025-71269

Sources

Please verify you're human