CVE-2026-23423 | Linux Kernel up to 6.18.16/6.19.6/7.0-rc2 btrfs btrfs_uring_read_extent allocation of resources
VulDBArchived Apr 03, 2026✓ Full text saved
A vulnerability classified as critical has been found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc2 . This issue affects the function btrfs_uring_read_extent of the component btrfs . Performing a manipulation results in allocation of resources. This vulnerability is known as CVE-2026-23423 . Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-355096 · CVE-2026-23423 · GCVE-0-2026-23423
LINUX KERNEL UP TO 6.18.16/6.19.6/7.0-RC2 BTRFS BTRFS_URING_READ_EXTENT ALLOCATION OF RESOURCES
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
7.6 $0-$5k 0.82+
Summaryinfo
A vulnerability classified as critical was found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc2. Impacted is the function btrfs_uring_read_extent of the component btrfs. Executing a manipulation can lead to allocation of resources. This vulnerability is handled as CVE-2026-23423. There is not any exploit available. Upgrading the affected component is advised.
Detailsinfo
A vulnerability classified as critical was found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc2. This vulnerability affects the function btrfs_uring_read_extent of the component btrfs. The manipulation with an unknown input leads to a allocation of resources vulnerability. The CWE definition for the vulnerability is CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it is picked up by btrfs_uring_read_finished() whenever that executes in the future. But that's just the happy path. Along the way previous allocations might have gone wrong, or we might not get -EIOCBQUEUED from btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a cleanup section that frees all memory allocated by this function without assuming any deferred execution, and this also needs to happen for the 'pages' allocation.
The advisory is shared for download at git.kernel.org. This vulnerability was named CVE-2026-23423 since 01/13/2026. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/03/2026).
Upgrading to version 6.18.17, 6.19.7 or 7.0-rc3 eliminates this vulnerability. Applying the patch d4f210de01eaccac61eee657f676045ef9771d07/628895890b0c9ac9129129e89455da7db95ba343/3f501412f2079ca14bf68a18d80a2b7a823f1f64 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
Productinfo
Type
Operating System
Vendor
Linux
Name
Kernel
Version
6.18.0
6.18.1
6.18.2
6.18.3
6.18.4
6.18.5
6.18.6
6.18.7
6.18.8
6.18.9
6.18.10
6.18.11
6.18.12
6.18.13
6.18.14
6.18.15
6.18.16
6.19.0
6.19.1
6.19.2
6.19.3
6.19.4
6.19.5
6.19.6
7.0-rc1
7.0-rc2
License
open-source
Website
Vendor: https://www.kernel.org/
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 8.0
VulDB Meta Temp Score: 7.6
VulDB Base Score: 8.0
VulDB Temp Score: 7.6
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Allocation of resources
CWE: CWE-770 / CWE-400 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.18.17/6.19.7/7.0-rc3
Patch: d4f210de01eaccac61eee657f676045ef9771d07/628895890b0c9ac9129129e89455da7db95ba343/3f501412f2079ca14bf68a18d80a2b7a823f1f64
Timelineinfo
01/13/2026 CVE reserved
04/03/2026 +79 days Advisory disclosed
04/03/2026 +0 days VulDB entry created
04/03/2026 +0 days VulDB entry last update
Sourcesinfo
Vendor: kernel.org
Advisory: git.kernel.org
Status: Confirmed
CVE: CVE-2026-23423 (🔒)
GCVE (CVE): GCVE-0-2026-23423
GCVE (VulDB): GCVE-100-355096
Entryinfo
Created: 04/03/2026 17:03
Changes: 04/03/2026 17:03 (59)
Complete: 🔍
Cache ID: 99:68E:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸