CVE-2026-23181


📋 TL;DR

A race condition in the Linux kernel's btrfs filesystem allows a local attacker to trigger a kernel panic or null pointer dereference by changing a block device's block size during mount operations. It affects Linux systems that use the btrfs filesystem, and exploitation requires local access with the ability to issue BLKBSZSET ioctl commands.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable btrfs code (exact range not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using btrfs filesystem. Requires local access to execute BLKBSZSET ioctl commands.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss in btrfs volumes.

🟠 Likely Case

System crash or kernel panic when specific timing conditions are met during btrfs mount operations with block size changes.

🟢 If Mitigated

No impact if proper kernel patches are applied or if btrfs is not used.

🌐 Internet-Facing: LOW - Requires local access to execute BLKBSZSET commands.
🏢 Internal Only: MEDIUM - Local users or processes with block device access could cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires precise timing between folio allocation and BLKBSZSET execution. Exploitation likely leads to denial of service rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 3f29d661e5686f3aa14e6f11537ff5c49846f2e2 and ccb3c75d57039adb3170ae54a0d470e359705984

Vendor Advisory: https://git.kernel.org/stable/c/3f29d661e5686f3aa14e6f11537ff5c49846f2e2

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version.
  2. Reboot system to load new kernel.
  3. Verify kernel version with 'uname -r'.

🔧 Temporary Workarounds

Disable btrfs usage
Platform: all

Avoid using the btrfs filesystem until patched.

Restrict BLKBSZSET access
Platform: Linux

Limit access to block device ioctl commands:

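# Covers only /dev/sd* nodes; the permissions are reset when udev
# recreates the device nodes (reboot or hotplug), so reapply after either.
chmod 600 /dev/sd*
setfacl -m u:root:rw- /dev/sd*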

🧯 If You Can't Patch

  • Restrict local user access to systems using btrfs
  • Monitor for kernel panic logs and investigate BLKBSZSET usage

🔍 How to Verify

Check if Vulnerable:

Check whether btrfs is in use with 'mount | grep btrfs', then compare the running kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

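Verify that the kernel contains the fix commits by running this inside the kernel source git tree: 'git log --format=%H | grep -E "3f29d661e5686f3aa14e6f11537ff5c49846f2e2|ccb3c75d57039adb3170ae54a0d470e359705984"'. The --format=%H option prints full 40-character hashes, which the pattern needs; 'git log --oneline' abbreviates them and would never match.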

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • null pointer dereference in kernel logs
  • btrfs mount failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("VM_BUG_ON_FOLIO" OR "create_empty_buffers" OR ("btrfs" AND "panic"))
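
The btrfs-in-use check from "How to Verify" and the indicator terms from the SIEM query above, combined into a local triage script. This is an added example, not part of the original advisory; the function names (btrfs_in_use, count_indicators, triage, demo) and the sample lines are constructed for illustration, and the query is read as VM_BUG_ON_FOLIO OR create_empty_buffers OR (btrfs AND panic).

```shell
#!/bin/sh
# Added example: function names and sample lines are constructed for illustration.

# btrfs_in_use MOUNTS_FILE: succeeds if any entry has fstype btrfs
# (third field of the /proc/mounts format).
btrfs_in_use() {
    awk '$3 == "btrfs" { found = 1 } END { exit !found }' "${1:-/proc/mounts}"
}

# count_indicators LOG_FILE: prints how many lines match
# VM_BUG_ON_FOLIO OR create_empty_buffers OR (btrfs AND panic).
# The btrfs/panic pair is matched case-insensitively ("BTRFS", "Kernel panic").
count_indicators() {
    awk '
        /VM_BUG_ON_FOLIO/ || /create_empty_buffers/ { n++; next }
        tolower($0) ~ /btrfs/ && tolower($0) ~ /panic/ { n++ }
        END { print n + 0 }
    ' "$1"
}

# triage MOUNTS_FILE LOG_FILE: prints not-applicable, no-indicators or investigate.
triage() {
    if ! btrfs_in_use "$1"; then
        echo "not-applicable"      # btrfs not mounted, page says no impact
    elif [ "$(count_indicators "$2")" -eq 0 ]; then
        echo "no-indicators"
    else
        echo "investigate"         # crash indicators present on a btrfs host
    fi
}

# demo: runs triage over constructed sample input (not real captures).
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sdb1 /data btrfs rw,relatime 0 0' > "$d/mounts"
    printf '%s\n' \
        'kernel: EXT4-fs (sda1): mounted filesystem' \
        'kernel: constructed line mentioning create_empty_buffers' \
        'kernel: Kernel panic - constructed line mentioning btrfs' > "$d/log"
    triage "$d/mounts" "$d/log"
    rm -rf "$d"
}

demo
```

On a live host, pass /proc/mounts and a kernel log saved to a file (for example the output of 'dmesg' or 'journalctl -k') to triage instead of calling demo.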
