Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-71159 (GCVE-0-2025-71159)
Vulnerability from cvelistv5 – Published: 2026-01-23 15:23 – Updated: 2026-02-09 08:35
VLAI?
EPSS
Title
btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()
Previously, btrfs_get_or_create_delayed_node() set the delayed_node's
refcount before acquiring the root->delayed_nodes lock.
Commit e8513c012de7 ("btrfs: implement ref_tracker for delayed_nodes")
moved refcount_set inside the critical section, which means there is
no longer a memory barrier between setting the refcount and setting
btrfs_inode->delayed_node.
Without that barrier, the stores to node->refs and
btrfs_inode->delayed_node may become visible out of order. Another
thread can then read btrfs_inode->delayed_node and attempt to
increment a refcount that hasn't been set yet, leading to a
refcounting bug and a use-after-free warning.
The fix is to move refcount_set back to where it was to take
advantage of the implicit memory barrier provided by lock
acquisition.
Because the allocations now happen outside of the lock's critical
section, they can use GFP_NOFS instead of GFP_ATOMIC.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/delayed-inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8385851a5435f4006281828d428e5d0b0bbf8af",
"status": "affected",
"version": "e8513c012de75fd65e2df5499572bc6ef3f6e409",
"versionType": "git"
},
{
"lessThan": "83f59076a1ae6f5c6845d6f7ed3a1a373d883684",
"status": "affected",
"version": "e8513c012de75fd65e2df5499572bc6ef3f6e409",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/delayed-inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.18"
},
{
"lessThan": "6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()\n\nPreviously, btrfs_get_or_create_delayed_node() set the delayed_node\u0027s\nrefcount before acquiring the root-\u003edelayed_nodes lock.\nCommit e8513c012de7 (\"btrfs: implement ref_tracker for delayed_nodes\")\nmoved refcount_set inside the critical section, which means there is\nno longer a memory barrier between setting the refcount and setting\nbtrfs_inode-\u003edelayed_node.\n\nWithout that barrier, the stores to node-\u003erefs and\nbtrfs_inode-\u003edelayed_node may become visible out of order. Another\nthread can then read btrfs_inode-\u003edelayed_node and attempt to\nincrement a refcount that hasn\u0027t been set yet, leading to a\nrefcounting bug and a use-after-free warning.\n\nThe fix is to move refcount_set back to where it was to take\nadvantage of the implicit memory barrier provided by lock\nacquisition.\n\nBecause the allocations now happen outside of the lock\u0027s critical\nsection, they can use GFP_NOFS instead of GFP_ATOMIC."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:35:57.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8385851a5435f4006281828d428e5d0b0bbf8af"
},
{
"url": "https://git.kernel.org/stable/c/83f59076a1ae6f5c6845d6f7ed3a1a373d883684"
}
],
"title": "btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71159",
"datePublished": "2026-01-23T15:23:57.824Z",
"dateReserved": "2026-01-13T15:30:19.665Z",
"dateUpdated": "2026-02-09T08:35:57.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-71159\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-23T16:15:52.793\",\"lastModified\":\"2026-02-26T20:19:48.380\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()\\n\\nPreviously, btrfs_get_or_create_delayed_node() set the delayed_node\u0027s\\nrefcount before acquiring the root-\u003edelayed_nodes lock.\\nCommit e8513c012de7 (\\\"btrfs: implement ref_tracker for delayed_nodes\\\")\\nmoved refcount_set inside the critical section, which means there is\\nno longer a memory barrier between setting the refcount and setting\\nbtrfs_inode-\u003edelayed_node.\\n\\nWithout that barrier, the stores to node-\u003erefs and\\nbtrfs_inode-\u003edelayed_node may become visible out of order. Another\\nthread can then read btrfs_inode-\u003edelayed_node and attempt to\\nincrement a refcount that hasn\u0027t been set yet, leading to a\\nrefcounting bug and a use-after-free warning.\\n\\nThe fix is to move refcount_set back to where it was to take\\nadvantage of the implicit memory barrier provided by lock\\nacquisition.\\n\\nBecause the allocations now happen outside of the lock\u0027s critical\\nsection, they can use GFP_NOFS instead of GFP_ATOMIC.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.18\",\"versionEndExcluding\":\"6.18.6\",\"matchCriteriaId\":\"B263F4AD-C03D-4E6A-995E-B822989C3A7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71D92C0-C023-48BD-B3B6-70B638EEE298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"13580667-0A98-40CC-B29F-D12790B91BDB\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/83f59076a1ae6f5c6845d6f7ed3a1a373d883684\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c8385851a5435f4006281828d428e5d0b0bbf8af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
WID-SEC-W-2026-0215
Vulnerability from csaf_certbund - Published: 2026-01-25 23:00 - Updated: 2026-03-30 22:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Betroffene Betriebssysteme: - Linux
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0215 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0215.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0215 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0215"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71145",
"url": "https://lore.kernel.org/linux-cve-announce/2026012321-CVE-2025-71145-4c0a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71146",
"url": "https://lore.kernel.org/linux-cve-announce/2026012325-CVE-2025-71146-96cf@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71147",
"url": "https://lore.kernel.org/linux-cve-announce/2026012327-CVE-2025-71147-a296@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71148",
"url": "https://lore.kernel.org/linux-cve-announce/2026012327-CVE-2025-71148-78e6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71149",
"url": "https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71149-c9ee@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71150",
"url": "https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71150-1b7c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71151",
"url": "https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71151-1a45@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71152",
"url": "https://lore.kernel.org/linux-cve-announce/2026012302-CVE-2025-71152-055a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71153",
"url": "https://lore.kernel.org/linux-cve-announce/2026012305-CVE-2025-71153-246e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71154",
"url": "https://lore.kernel.org/linux-cve-announce/2026012305-CVE-2025-71154-bc99@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71155",
"url": "https://lore.kernel.org/linux-cve-announce/2026012306-CVE-2025-71155-7691@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71156",
"url": "https://lore.kernel.org/linux-cve-announce/2026012306-CVE-2025-71156-f8f2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71157",
"url": "https://lore.kernel.org/linux-cve-announce/2026012306-CVE-2025-71157-3a03@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71158",
"url": "https://lore.kernel.org/linux-cve-announce/2026012344-CVE-2025-71158-1cfa@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71159",
"url": "https://lore.kernel.org/linux-cve-announce/2026012346-CVE-2025-71159-417a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71160",
"url": "https://lore.kernel.org/linux-cve-announce/2026012346-CVE-2025-71160-8c5d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71161",
"url": "https://lore.kernel.org/linux-cve-announce/2026012346-CVE-2025-71161-4b58@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71162",
"url": "https://lore.kernel.org/linux-cve-announce/2026012530-CVE-2025-71162-c0b7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71163",
"url": "https://lore.kernel.org/linux-cve-announce/2026012532-CVE-2025-71163-03ce@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22978",
"url": "https://lore.kernel.org/linux-cve-announce/2026012347-CVE-2026-22978-4e34@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22979",
"url": "https://lore.kernel.org/linux-cve-announce/2026012347-CVE-2026-22979-b883@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22980",
"url": "https://lore.kernel.org/linux-cve-announce/2026012347-CVE-2026-22980-6031@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22981",
"url": "https://lore.kernel.org/linux-cve-announce/2026012348-CVE-2026-22981-94c5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22982",
"url": "https://lore.kernel.org/linux-cve-announce/2026012348-CVE-2026-22982-b250@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22983",
"url": "https://lore.kernel.org/linux-cve-announce/2026012348-CVE-2026-22983-db37@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22984",
"url": "https://lore.kernel.org/linux-cve-announce/2026012349-CVE-2026-22984-001c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22985",
"url": "https://lore.kernel.org/linux-cve-announce/2026012349-CVE-2026-22985-9a80@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22986",
"url": "https://lore.kernel.org/linux-cve-announce/2026012349-CVE-2026-22986-5992@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22987",
"url": "https://lore.kernel.org/linux-cve-announce/2026012350-CVE-2026-22987-8984@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22988",
"url": "https://lore.kernel.org/linux-cve-announce/2026012350-CVE-2026-22988-1ee5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22989",
"url": "https://lore.kernel.org/linux-cve-announce/2026012350-CVE-2026-22989-06be@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22990",
"url": "https://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22990-a62e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22991",
"url": "https://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22991-e4a2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22992",
"url": "https://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22992-0607@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22993",
"url": "https://lore.kernel.org/linux-cve-announce/2026012352-CVE-2026-22993-2e35@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22994",
"url": "https://lore.kernel.org/linux-cve-announce/2026012352-CVE-2026-22994-ab5f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22995",
"url": "https://lore.kernel.org/linux-cve-announce/2026012352-CVE-2026-22995-7465@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22996",
"url": "https://lore.kernel.org/linux-cve-announce/2026012532-CVE-2026-22996-f977@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22997",
"url": "https://lore.kernel.org/linux-cve-announce/2026012533-CVE-2026-22997-42ca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22998",
"url": "https://lore.kernel.org/linux-cve-announce/2026012533-CVE-2026-22998-8392@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-22999",
"url": "https://lore.kernel.org/linux-cve-announce/2026012533-CVE-2026-22999-c098@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23000",
"url": "https://lore.kernel.org/linux-cve-announce/2026012534-CVE-2026-23000-36e1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23001",
"url": "https://lore.kernel.org/linux-cve-announce/2026012534-CVE-2026-23001-7ab0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23002",
"url": "https://lore.kernel.org/linux-cve-announce/2026012534-CVE-2026-23002-ffa4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23003",
"url": "https://lore.kernel.org/linux-cve-announce/2026012535-CVE-2026-23003-e684@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23004",
"url": "https://lore.kernel.org/linux-cve-announce/2026012535-CVE-2026-23004-205e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23005",
"url": "https://lore.kernel.org/linux-cve-announce/2026012536-CVE-2026-23005-df15@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23006",
"url": "https://lore.kernel.org/linux-cve-announce/2026012536-CVE-2026-23006-241b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23007",
"url": "https://lore.kernel.org/linux-cve-announce/2026012536-CVE-2026-23007-38b1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23008",
"url": "https://lore.kernel.org/linux-cve-announce/2026012537-CVE-2026-23008-d435@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23009",
"url": "https://lore.kernel.org/linux-cve-announce/2026012537-CVE-2026-23009-7209@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23010",
"url": "https://lore.kernel.org/linux-cve-announce/2026012537-CVE-2026-23010-91ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23011",
"url": "https://lore.kernel.org/linux-cve-announce/2026012538-CVE-2026-23011-d4fd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23012",
"url": "https://lore.kernel.org/linux-cve-announce/2026012538-CVE-2026-23012-8a3d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23013",
"url": "https://lore.kernel.org/linux-cve-announce/2026012538-CVE-2026-23013-303c@gregkh/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2264 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2264"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6126 vom 2026-02-09",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00035.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6127 vom 2026-02-10",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00036.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2378 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2378"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2264 vom 2026-02-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-2264.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4475 vom 2026-02-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00016.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0447-1 vom 2026-02-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024124.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4476 vom 2026-02-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00017.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8034-1 vom 2026-02-12",
"url": "https://ubuntu.com/security/notices/USN-8034-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0475-1 vom 2026-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024139.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0473-1 vom 2026-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024136.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0474-1 vom 2026-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024140.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0471-1 vom 2026-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024142.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0472-1 vom 2026-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024141.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0496-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024158.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0495-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024159.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2264 vom 2026-02-15",
"url": "https://errata.build.resf.org/RLSA-2026:2264"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2721 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2721"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2722 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2722"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2721 vom 2026-02-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-2721.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2722 vom 2026-02-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-2722.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8034-2 vom 2026-02-17",
"url": "https://ubuntu.com/security/notices/USN-8034-2"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-113 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-113.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0587-1 vom 2026-02-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024356.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2722 vom 2026-02-24",
"url": "https://errata.build.resf.org/RLSA-2026:2722"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0617-1 vom 2026-02-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024378.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2721 vom 2026-02-24",
"url": "https://errata.build.resf.org/RLSA-2026:2721"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20479-1 vom 2026-02-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024407.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20477-1 vom 2026-02-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024409.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20498-1 vom 2026-02-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024476.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20287-1 vom 2026-02-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K7KIWX7XP3UMVFSHT47OOZ24TQQYNNHI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20520-1 vom 2026-02-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024455.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2026-098 vom 2026-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-098.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20599-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024614.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20570-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024574.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20615-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024605.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20555-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024590.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3966 vom 2026-03-09",
"url": "https://access.redhat.com/errata/RHSA-2026:3966"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3964 vom 2026-03-09",
"url": "https://access.redhat.com/errata/RHSA-2026:3964"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3963 vom 2026-03-09",
"url": "https://access.redhat.com/errata/RHSA-2026:3963"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4012 vom 2026-03-09",
"url": "https://access.redhat.com/errata/RHSA-2026:4012"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3963 vom 2026-03-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-3963.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4012 vom 2026-03-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-4012.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3966 vom 2026-03-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-3966.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50145 vom 2026-03-12",
"url": "https://linux.oracle.com/errata/ELSA-2026-50145.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50144 vom 2026-03-11",
"url": "https://linux.oracle.com/errata/ELSA-2026-50144.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-1 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-2 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4723 vom 2026-03-17",
"url": "https://access.redhat.com/errata/RHSA-2026:4723"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-4 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-3 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-3"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4723 vom 2026-03-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-4723.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20667-1 vom 2026-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024746.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0928-1 vom 2026-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024762.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20711-1 vom 2026-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024715.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20713-1 vom 2026-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024771.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-114 vom 2026-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-114.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2026-099 vom 2026-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-099.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20720-1 vom 2026-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024766.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5197 vom 2026-03-23",
"url": "https://access.redhat.com/errata/RHSA-2026:5197"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8116-1 vom 2026-03-23",
"url": "https://ubuntu.com/security/notices/USN-8116-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0962-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024803.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-5 vom 2026-03-23",
"url": "https://ubuntu.com/security/notices/USN-8096-5"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0961-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024805.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20794-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024895.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20772-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024862.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20819-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024871.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0984-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024841.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1041-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024928.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1003-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024925.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:3964 vom 2026-03-26",
"url": "https://errata.build.resf.org/RLSA-2026:3964"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:3963 vom 2026-03-26",
"url": "https://errata.build.resf.org/RLSA-2026:3963"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1081-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024953.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1077-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024956.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1078-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024954.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:4723 vom 2026-03-27",
"url": "https://errata.build.resf.org/RLSA-2026:4723"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20873-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024968.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1131-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025031.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20845-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024994.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20872-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024969.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20838-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20876-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025054.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-30T22:00:00.000+00:00",
"generator": {
"date": "2026-03-31T08:19:11.586+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0215",
"initial_release_date": "2026-01-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-4616, EUVD-2026-4617, EUVD-2026-4623, EUVD-2026-4626, EUVD-2026-4619, EUVD-2026-4625, EUVD-2026-4628"
},
{
"date": "2026-02-08T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2026-02-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-15T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-02-17T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-02-22T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und SUSE aufgenommen"
},
{
"date": "2026-02-26T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE und openSUSE aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Amazon und SUSE aufgenommen"
},
{
"date": "2026-03-08T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-16T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat, Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-19T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2026-03-22T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "31"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T050304",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-71145",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71145"
},
{
"cve": "CVE-2025-71146",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71146"
},
{
"cve": "CVE-2025-71147",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71147"
},
{
"cve": "CVE-2025-71148",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71148"
},
{
"cve": "CVE-2025-71149",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71149"
},
{
"cve": "CVE-2025-71150",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71150"
},
{
"cve": "CVE-2025-71151",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71151"
},
{
"cve": "CVE-2025-71152",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71152"
},
{
"cve": "CVE-2025-71153",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71153"
},
{
"cve": "CVE-2025-71154",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71154"
},
{
"cve": "CVE-2025-71155",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71155"
},
{
"cve": "CVE-2025-71156",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71156"
},
{
"cve": "CVE-2025-71157",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71157"
},
{
"cve": "CVE-2025-71158",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71158"
},
{
"cve": "CVE-2025-71159",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71159"
},
{
"cve": "CVE-2025-71160",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71160"
},
{
"cve": "CVE-2025-71161",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71161"
},
{
"cve": "CVE-2025-71162",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71162"
},
{
"cve": "CVE-2025-71163",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2025-71163"
},
{
"cve": "CVE-2026-22978",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22978"
},
{
"cve": "CVE-2026-22979",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22979"
},
{
"cve": "CVE-2026-22980",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22980"
},
{
"cve": "CVE-2026-22981",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22981"
},
{
"cve": "CVE-2026-22982",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22982"
},
{
"cve": "CVE-2026-22983",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22983"
},
{
"cve": "CVE-2026-22984",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22984"
},
{
"cve": "CVE-2026-22985",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22985"
},
{
"cve": "CVE-2026-22986",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22986"
},
{
"cve": "CVE-2026-22987",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22987"
},
{
"cve": "CVE-2026-22988",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22988"
},
{
"cve": "CVE-2026-22989",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22989"
},
{
"cve": "CVE-2026-22990",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22990"
},
{
"cve": "CVE-2026-22991",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22991"
},
{
"cve": "CVE-2026-22992",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22992"
},
{
"cve": "CVE-2026-22993",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22993"
},
{
"cve": "CVE-2026-22994",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22994"
},
{
"cve": "CVE-2026-22995",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22995"
},
{
"cve": "CVE-2026-22996",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22996"
},
{
"cve": "CVE-2026-22997",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22997"
},
{
"cve": "CVE-2026-22998",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22998"
},
{
"cve": "CVE-2026-22999",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-22999"
},
{
"cve": "CVE-2026-23000",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23000"
},
{
"cve": "CVE-2026-23001",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23001"
},
{
"cve": "CVE-2026-23002",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23002"
},
{
"cve": "CVE-2026-23003",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23003"
},
{
"cve": "CVE-2026-23004",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23004"
},
{
"cve": "CVE-2026-23005",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23005"
},
{
"cve": "CVE-2026-23006",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23006"
},
{
"cve": "CVE-2026-23007",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23007"
},
{
"cve": "CVE-2026-23008",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23008"
},
{
"cve": "CVE-2026-23009",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23009"
},
{
"cve": "CVE-2026-23010",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23010"
},
{
"cve": "CVE-2026-23011",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23011"
},
{
"cve": "CVE-2026-23012",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23012"
},
{
"cve": "CVE-2026-23013",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T050304",
"T000126",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2026-01-25T23:00:00.000+00:00",
"title": "CVE-2026-23013"
}
]
}
GHSA-H6P2-5H78-3XMH
Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-02-26 21:31
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()
Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. Commit e8513c012de7 ("btrfs: implement ref_tracker for delayed_nodes") moved refcount_set inside the critical section, which means there is no longer a memory barrier between setting the refcount and setting btrfs_inode->delayed_node.
Without that barrier, the stores to node->refs and btrfs_inode->delayed_node may become visible out of order. Another thread can then read btrfs_inode->delayed_node and attempt to increment a refcount that hasn't been set yet, leading to a refcounting bug and a use-after-free warning.
The fix is to move refcount_set back to where it was to take advantage of the implicit memory barrier provided by lock acquisition.
Because the allocations now happen outside of the lock's critical section, they can use GFP_NOFS instead of GFP_ATOMIC.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2025-71159"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T16:15:52Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()\n\nPreviously, btrfs_get_or_create_delayed_node() set the delayed_node\u0027s\nrefcount before acquiring the root-\u003edelayed_nodes lock.\nCommit e8513c012de7 (\"btrfs: implement ref_tracker for delayed_nodes\")\nmoved refcount_set inside the critical section, which means there is\nno longer a memory barrier between setting the refcount and setting\nbtrfs_inode-\u003edelayed_node.\n\nWithout that barrier, the stores to node-\u003erefs and\nbtrfs_inode-\u003edelayed_node may become visible out of order. Another\nthread can then read btrfs_inode-\u003edelayed_node and attempt to\nincrement a refcount that hasn\u0027t been set yet, leading to a\nrefcounting bug and a use-after-free warning.\n\nThe fix is to move refcount_set back to where it was to take\nadvantage of the implicit memory barrier provided by lock\nacquisition.\n\nBecause the allocations now happen outside of the lock\u0027s critical\nsection, they can use GFP_NOFS instead of GFP_ATOMIC.",
"id": "GHSA-h6p2-5h78-3xmh",
"modified": "2026-02-26T21:31:27Z",
"published": "2026-01-23T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71159"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83f59076a1ae6f5c6845d6f7ed3a1a373d883684"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c8385851a5435f4006281828d428e5d0b0bbf8af"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2025-71159
Vulnerability from fkie_nvd - Published: 2026-01-23 16:15 - Updated: 2026-02-26 20:19
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()
Previously, btrfs_get_or_create_delayed_node() set the delayed_node's
refcount before acquiring the root->delayed_nodes lock.
Commit e8513c012de7 ("btrfs: implement ref_tracker for delayed_nodes")
moved refcount_set inside the critical section, which means there is
no longer a memory barrier between setting the refcount and setting
btrfs_inode->delayed_node.
Without that barrier, the stores to node->refs and
btrfs_inode->delayed_node may become visible out of order. Another
thread can then read btrfs_inode->delayed_node and attempt to
increment a refcount that hasn't been set yet, leading to a
refcounting bug and a use-after-free warning.
The fix is to move refcount_set back to where it was to take
advantage of the implicit memory barrier provided by lock
acquisition.
Because the allocations now happen outside of the lock's critical
section, they can use GFP_NOFS instead of GFP_ATOMIC.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B263F4AD-C03D-4E6A-995E-B822989C3A7A",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()\n\nPreviously, btrfs_get_or_create_delayed_node() set the delayed_node\u0027s\nrefcount before acquiring the root-\u003edelayed_nodes lock.\nCommit e8513c012de7 (\"btrfs: implement ref_tracker for delayed_nodes\")\nmoved refcount_set inside the critical section, which means there is\nno longer a memory barrier between setting the refcount and setting\nbtrfs_inode-\u003edelayed_node.\n\nWithout that barrier, the stores to node-\u003erefs and\nbtrfs_inode-\u003edelayed_node may become visible out of order. Another\nthread can then read btrfs_inode-\u003edelayed_node and attempt to\nincrement a refcount that hasn\u0027t been set yet, leading to a\nrefcounting bug and a use-after-free warning.\n\nThe fix is to move refcount_set back to where it was to take\nadvantage of the implicit memory barrier provided by lock\nacquisition.\n\nBecause the allocations now happen outside of the lock\u0027s critical\nsection, they can use GFP_NOFS instead of GFP_ATOMIC."
},
{
"lang": "es",
"value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbtrfs: soluciona la advertencia de uso despu\u00e9s de liberaci\u00f3n en btrfs_get_or_create_delayed_node()\n\nAnteriormente, btrfs_get_or_create_delayed_node() establec\u00eda el refcount del delayed_node antes de adquirir el bloqueo root-\u0026gt;delayed_nodes. El commit e8513c012de7 (\u0027btrfs: implementa ref_tracker para delayed_nodes\u0027) movi\u00f3 refcount_set dentro de la secci\u00f3n cr\u00edtica, lo que significa que ya no hay una barrera de memoria entre el establecimiento del refcount y el establecimiento de btrfs_inode-\u0026gt;delayed_node.\n\nSin esa barrera, los almacenamientos en node-\u0026gt;refs y btrfs_inode-\u0026gt;delayed_node pueden volverse visibles fuera de orden. Otro hilo puede entonces leer btrfs_inode-\u0026gt;delayed_node e intentar incrementar un refcount que a\u00fan no ha sido establecido, lo que lleva a un error de refcounting y a una advertencia de uso despu\u00e9s de liberaci\u00f3n.\n\nLa soluci\u00f3n es mover refcount_set de vuelta a donde estaba para aprovechar la barrera de memoria impl\u00edcita proporcionada por la adquisici\u00f3n del bloqueo.\n\nDebido a que las asignaciones ahora ocurren fuera de la secci\u00f3n cr\u00edtica del bloqueo, pueden usar GFP_NOFS en lugar de GFP_ATOMIC."
}
],
"id": "CVE-2025-71159",
"lastModified": "2026-02-26T20:19:48.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-01-23T16:15:52.793",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/83f59076a1ae6f5c6845d6f7ed3a1a373d883684"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/c8385851a5435f4006281828d428e5d0b0bbf8af"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…