#VU124202 Improper Resource Shutdown or Release in Linux kernel - CVE-2025-71268
Published: March 20, 2026
Vulnerability identifier: #VU124202
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-71268
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a resource management error in the Btrfs filesystem component when handling qgroup data during inline extent insertion. A local user can trigger a reservation leak in error paths to cause a denial of service.
The vulnerability specifically occurs if allocation of a path or transaction join fails, leading to unfreed qgroup reservations. This results in gradual resource exhaustion over time.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/28768bd3abf9995a93f6e01bfce01c60622964dd
- https://git.kernel.org/stable/c/28b97fcbbf523779688e8de5fe55bf2dae3859f6
- https://git.kernel.org/stable/c/c1c050f92d8f6aac4e17f7f2230160794fceef0c
- https://git.kernel.org/stable/c/f3ee1732851aec6fe6b2cec2ef1b32d4e71d9913
- https://git.kernel.org/stable/c/f7156512c8166d385f574b9ec030479aa7b1e8c9