CVE-2026-23141

N/A Unknown

📋 TL;DR

A memory safety vulnerability in the Linux kernel's Btrfs filesystem send functionality could allow local attackers to cause kernel crashes or potentially execute arbitrary code. This affects Linux systems using Btrfs filesystems where the send feature is enabled. The vulnerability occurs when processing inline extents during file system operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable Btrfs send implementation (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Btrfs filesystem with send feature enabled. Most distributions enable Btrfs by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠 Likely Case

Kernel panic or system crash causing denial of service.

🟢 If Mitigated

No impact if Btrfs send feature is disabled or systems are properly patched.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of Btrfs internals. Exploitation depends on specific memory layout and inline extent configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 08b096c1372cd69627f4f559fb47c9fb67a52b39, 39f83f10772310ba4a77f2b5256aaf36994ef7e8, db00636643e66898d79f2530ac9c56ebd5eca369, or f2dc6ab3a14c2d2eb0b14783427eb9b03bf631c9

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version from distribution vendor.
  2. Reboot system to load new kernel.
  3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Btrfs send feature

Linux

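Prevent use of the vulnerable functionality by disabling Btrfs send operations. The commands below do this by blacklisting the btrfs kernel module, so they apply to Btrfs as a whole rather than to send alone; use them only on systems that do not depend on Btrfs filesystems.

# Run as root. Stops the btrfs module from being auto-loaded.
echo 'blacklist btrfs' >> /etc/modprobe.d/blacklist-btrfs.conf
# update-initramfs is the Debian/Ubuntu tool; use the distribution's equivalent elsewhere.
update-initramfs -u
reboot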

🧯 If You Can't Patch

  • Restrict local user access to prevent exploitation
  • Disable Btrfs filesystem usage or migrate to alternative filesystem

🔍 How to Verify

Check if Vulnerable:

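Check the kernel version and whether Btrfs is available on the system: 'uname -r' and 'cat /proc/filesystems | grep btrfs'. The second command shows whether the btrfs driver is registered with the running kernel; it does not report a separate send setting.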

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel contains the fix commits: run 'uname -r' and check with the distribution vendor for the specific patched versions.
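
The availability checks above can be combined into a small triage script. This is an added example, not part of the original advisory or any vendor tooling; the function names and the sample files are constructed for illustration. It reports whether Btrfs is mounted, only registered, or absent, and does not determine whether the kernel carries the fix.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's Btrfs exposure.
# File paths are parameters so the logic can run on constructed samples.

# Succeeds if btrfs is registered with the running kernel.
# /proc/filesystems lines look like "nodev<TAB>sysfs" or "<TAB>btrfs".
btrfs_registered() {
    awk '$NF == "btrfs" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Prints the mount point of every mounted btrfs filesystem.
# /proc/mounts fields: device, mount point, fstype, options, dump, pass.
btrfs_mounts() {
    awk '$3 == "btrfs" { print $2 }' "${1:-/proc/mounts}"
}

# Prints "mounted", "registered" (driver present, nothing mounted) or
# "absent" (not registered now; a loadable module could still be pulled in).
btrfs_exposure() {
    fs_file="${1:-/proc/filesystems}"
    mnt_file="${2:-/proc/mounts}"
    if [ -n "$(btrfs_mounts "$mnt_file" 2>/dev/null)" ]; then
        echo mounted
    elif btrfs_registered "$fs_file" 2>/dev/null; then
        echo registered
    else
        echo absent
    fi
}

# Constructed sample: btrfs registered, one btrfs filesystem mounted at /data.
sample_dir=$(mktemp -d)
printf 'nodev\tsysfs\nnodev\tproc\n\text4\n\tbtrfs\n' > "$sample_dir/filesystems"
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
    '/dev/sdb1 /data btrfs rw,relatime,subvol=/ 0 0' > "$sample_dir/mounts"

echo "sample host: $(btrfs_exposure "$sample_dir/filesystems" "$sample_dir/mounts")"
echo "this host (kernel $(uname -r)): $(btrfs_exposure)"
```

A result of "mounted" or "registered" means the host should be checked against the distribution's patched kernel versions.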

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Btrfs-related errors in dmesg
  • System crash logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel panic' OR 'btrfs' OR 'send' in system logs
