CVE-2026-23147
📋 TL;DR
A memory leak vulnerability in the Linux kernel's BTRFS filesystem zlib compression module affects systems using S390 hardware acceleration. When processing compressed files, the kernel fails to release memory pages (folios), leading to gradual memory exhaustion. This affects Linux systems running on S390 architecture with BTRFS filesystem and hardware compression acceleration enabled.
💻 Affected Systems
- Linux kernel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
System memory exhaustion leading to kernel panic, system crash, or denial of service as available memory is gradually consumed by unreleased folios.
Likely Case
Gradual performance degradation over time as available memory decreases, potentially causing application failures or system instability.
If Mitigated
Minimal impact if memory monitoring and restart policies are in place, though some performance degradation may still occur.
🎯 Exploit Status
Exploitation requires local access and ability to trigger BTRFS compression operations on S390 hardware. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0d0f1314e8f86f5205f71f9e31e272a1d008e40b or e80617a5e1c246da2f112a1a072cdd535046adfe
Vendor Advisory: https://git.kernel.org/stable/c/0d0f1314e8f86f5205f71f9e31e272a1d008e40b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. For custom kernels, apply the fix commit to your kernel source.
3. Recompile and install the updated kernel.
4. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Disable BTRFS hardware compression
linux: Disable hardware acceleration for zlib compression to avoid the vulnerable code path. On S390 this acceleration (DFLTCC) is switched by the dfltcc= kernel boot parameter rather than by a BTRFS mount option; add the following to the kernel command line and reboot:
dfltcc=off
Use alternative compression
linux: Switch to software-only compression or a different compression algorithm
mount -o remount,compress=lzo /path/to/mount
mount -o remount,compress=zstd /path/to/mount
🧯 If You Can't Patch
- Monitor system memory usage closely and restart services when memory consumption reaches critical thresholds
- Limit BTRFS operations that trigger compression on S390 systems
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the system runs on S390 architecture with BTRFS:
uname -r && grep -i s390 /proc/cpuinfo && mount | grep btrfs
Check Version:
uname -r
Verify Fix Applied:
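Verify that the kernel includes the fix commit. /proc/version does not list individual commits, so check the git tree the kernel was built from (for distribution kernels, check the vendor advisory for your package version):
git merge-base --is-ancestor 0d0f1314e8f86f5205f71f9e31e272a1d008e40b HEAD || git merge-base --is-ancestor e80617a5e1c246da2f112a1a072cdd535046adfe HEAD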
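The architecture and BTRFS checks above as a reusable triage script. This is an added example, not part of the original advisory; it goes one step further by parsing mount options for zlib. The function names and result labels are assumptions made for illustration, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2026-23147 (function names are illustrative).
# Inputs are passed as arguments so the logic can be exercised off the target host.

# btrfs_zlib_mounts FILE: print mount points of btrfs filesystems whose mount
# options select zlib (compress=zlib or compress-force=zlib, optional :level).
btrfs_zlib_mounts() {
    awk '$3 == "btrfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^compress(-force)?=zlib(:[0-9]+)?$/) { print $2; break }
    }' "$1"
}

# exposure ARCH FILE: classify a host from `uname -m` output and a mount table.
# Prints: not-s390 | no-btrfs | btrfs-without-zlib-option | zlib-in-use
# Not covered: zlib set through per-file properties, and whether hardware
# acceleration is actually enabled, so "btrfs-without-zlib-option" is not a
# clean bill of health.
exposure() {
    case "$1" in
        s390|s390x) ;;
        *) echo "not-s390"; return 0 ;;
    esac
    if ! awk '$3 == "btrfs" { found = 1 } END { exit !found }' "$2"; then
        echo "no-btrfs"
    elif [ -n "$(btrfs_zlib_mounts "$2")" ]; then
        echo "zlib-in-use"
    else
        echo "btrfs-without-zlib-option"
    fi
}

# Constructed sample mount table (same field layout as /proc/mounts).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/dasda1 / ext4 rw,relatime 0 0
/dev/dasdb1 /data btrfs rw,relatime,compress=zlib:3,space_cache=v2,subvol=/ 0 0
/dev/dasdc1 /scratch btrfs rw,relatime,compress=zstd:3,space_cache=v2 0 0
EOF
echo "sample host: $(exposure s390x "$sample")"
btrfs_zlib_mounts "$sample"
rm -f "$sample"

# On a live system: exposure "$(uname -m)" /proc/mounts
```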
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in dmesg
- BTRFS compression-related errors
Network Indicators:
- None - this is a local memory management issue
SIEM Query:
source="kernel" AND ("oom" OR "out of memory" OR "folio" OR "btrfs")