Skip to main content

Linux CVE-2025-71269

| EUVDEUVD-2025-208842 MEDIUM
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2025-208842
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:40 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not free data reservation in fallback from inline due to -ENOSPC

If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret is <= 0).

AnalysisAI

A resource management vulnerability exists in the Linux kernel's Btrfs filesystem implementation where qgroup data reservations are incorrectly freed when an inline extent creation fails due to -ENOSPC (no space available). This causes the kernel to prematurely release qgroup quota accounting for data that will actually be used when the operation falls back to the normal copy-on-write path, potentially leading to qgroup quota inconsistencies and information disclosure about quota state. All Linux distributions using Btrfs with qgroup quota tracking enabled are affected. While no CVSS score or EPSS risk score has been assigned, the vulnerability has stable patches available in the Linux kernel repository.

Technical ContextAI

The vulnerability is located in the Btrfs filesystem code within the Linux kernel, specifically in the qgroup (quota group) data reservation handling during inline extent creation fallback scenarios. The Btrfs filesystem uses qgroups to track and limit data usage across subvolumes. When the kernel attempts to create an inline extent (a small file stored directly in metadata) and encounters insufficient space (-ENOSPC), it falls back to a normal copy-on-write allocation path. However, the buggy code in __cow_file_range_inline() unconditionally frees the reserved qgroup data quota even when fallback occurs, meaning the quota is released but the data space is still consumed by the fallback COW operation. This violates the invariant that reserved qgroup quota must match actual usage. The affected products are identified via CPE as cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* across all affected versions. While no specific CWE is listed in the disclosure, this represents a resource management flaw where quota accounting and actual resource consumption become desynchronized.

RemediationAI

Apply Linux kernel updates that include the Btrfs qgroup reservation fix, which has been committed to the stable kernel branches. Users should upgrade to the latest stable kernel version available for their distribution, which will include commit 6de3a371a8b9fd095198b1aa68c22cc10a4c6961 or equivalent. For systems unable to immediately patch, disable Btrfs qgroup quota tracking if not operationally required by setting the qgroup tracking to off, though this removes quota enforcement protections. Monitor kernel release notes from your distribution (Ubuntu Security Notices, Red Hat Security Advisories, SUSE Security Updates) for the specific patched kernel version applicable to your system. Apply the patch as part of a regular kernel update cycle, prioritizing systems where Btrfs with qgroups is actively used for quota enforcement or multi-tenant isolation.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.127 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.114 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.144 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.116 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.161 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.107 Affected
Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Affected
Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Affected

Share

CVE-2025-71269 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy