Skip to main content

Linux CVE-2025-71268

| EUVDEUVD-2025-208840 MEDIUM
Memory Leak (CWE-401)
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
3.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2025-208840
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:40 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix reservation leak in some error paths when inserting inline extent

If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup data, resulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data() in such cases.

AnalysisAI

A resource leak vulnerability exists in the Linux kernel's btrfs filesystem implementation where reserved qgroup data fails to be freed in error paths during inline extent insertion operations. This affects all Linux versions with vulnerable btrfs code, and allows local attackers with filesystem write access to exhaust kernel memory resources through repeated failed inline extent insertions, potentially causing denial of service. No active exploitation in the wild has been reported, but kernel memory exhaustion vulnerabilities are routinely targeted by local privilege escalation chains.

Technical ContextAI

The vulnerability resides in the btrfs (B-tree filesystem) subsystem of the Linux kernel, specifically in the __cow_file_range_inline() function responsible for copy-on-write operations when inserting inline extents. When the function fails to allocate a path structure or join a transaction during inline extent insertion, it returns without calling btrfs_qgroup_free_data() to release reserved quota group (qgroup) data resources that were allocated earlier in the execution path. This is a classic resource leak (CWE-404: Improper Resource Shutdown or Release) where allocated kernel memory accounting structures remain reserved but never freed. The qgroup subsystem in btrfs is used for quota management and accounting; failing to return reserved data results in permanent loss of available quota space within the filesystem context. The affected product is the Linux kernel itself (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*), impacting all distributions that include vulnerable btrfs code.

RemediationAI

Apply the upstream kernel patch by upgrading to a patched kernel version from your distribution (consult your Linux vendor for specific version numbers containing commits f7156512c8166d385f574b9ec030479aa7b1e8c9 or later). Most major distributions (Ubuntu, RHEL, Debian, etc.) will backport this fix into their stable kernel updates within normal update cycles. Until patching is completed, restrict filesystem write access to btrfs-backed volumes only to trusted users, disable btrfs qgroup quotas if not actively required (via btrfs quota disable), and monitor kernel memory pressure via tools such as /proc/slabinfo to detect potential leaks. For production systems using btrfs with qgroup enforcement, prioritize kernel patching as this leak can accumulate under sustained malicious activity.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.127 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.114 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.144 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.116 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.161 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.107 Affected
Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Affected
Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Affected

Share

CVE-2025-71268 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy