{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71269", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-17T09:08:18.457Z", "datePublished": "2026-03-18T17:40:58.949Z", "dateUpdated": "2026-03-19T16:00:59.321Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-19T16:00:59.321Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is <= 0)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/btrfs/inode.c"], "versions": [{"version": "94ed938aba557aa798acf496f09afb289b619fcd", "lessThan": "6de3a371a8b9fd095198b1aa68c22cc10a4c6961", "status": "affected", "versionType": "git"}, {"version": "94ed938aba557aa798acf496f09afb289b619fcd", "lessThan": "f8da41de0bff9eb1d774a7253da0c9f637c4470a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/btrfs/inode.c"], "versions": [{"version": "4.4", "status": "affected"}, {"version": "0", "lessThan": "4.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6de3a371a8b9fd095198b1aa68c22cc10a4c6961"}, {"url": "https://git.kernel.org/stable/c/f8da41de0bff9eb1d774a7253da0c9f637c4470a"}], "title": "btrfs: do not free data reservation in fallback from inline due to -ENOSPC", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is <= 0)."}], "id": "CVE-2025-71269", "lastModified": "2026-03-19T13:25:00.570", "metrics": {}, "published": "2026-03-18T18:16:22.110", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6de3a371a8b9fd095198b1aa68c22cc10a4c6961"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f8da41de0bff9eb1d774a7253da0c9f637c4470a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: btrfs: do not free data reservation in fallback from inline due to -ENOSPC", "id": "2448690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448690"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-71269", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-71269\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71269\nhttps://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71269-b47d@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,6de3a371a8b9fd095198b1aa68c22cc10a4c6961)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f8da41de0bff9eb1d774a7253da0c9f637c4470a)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.10,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T01:47:32.368694+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that contains the commit correcting the qgroup reservation logic", "Verify the kernel version and commit hash to confirm the fix is applied", "If an update is not possible, monitor Btrfs volumes for ENOSPC errors and limit write activity to prevent quota violations", "Consider disabling or limiting Btrfs quotas until the kernel can be updated"], "summary": {"action": "Update Kernel", "impact": "Data integrity / potential denial of service due to incorrect quota reservation handling"}, "threat_synthesis": {"affected_systems": "Linux kernels running Btrfs with the unpatched btrfs code. Any distribution that uses the upstream kernel and has not applied the new commit that frees the qgroup reservation only when appropriate.", "description_and_impact": "A flaw in the Linux kernel\u2019s Btrfs implementation incorrectly frees a qgroup quota reservation during a fallback from an inline extent creation failure. When the system cannot allocate an inline extent because the device is full, it falls back to a normal copy\u2011on\u2011write (COW) path, reserves a new extent, and creates an ordered extent. The code mistakenly releases the qgroup reservation even though the new extent will use it, potentially causing quota accounting errors, resource leaks, or subsequent allocation failures. The missing reservation handling can lead to incorrect quota enforcement, which may stop legitimate writes, trigger server\u2011side errors, or corrupt filesystem metadata within the Btrfs volume.\n\nThe affected systems are Linux operating systems running any kernel that contains the Btrfs file system implementation and has not been updated to contain the commit that corrects the reservation logic. All distributions that ship a kernel built on the btrfs tree are potentially impacted, as the bug originates from the kernel repository rather than a vendor\u2011specific configuration.\n\nThe vulnerability has a CVSS score of 7.0, indicating a high\u2011moderate severity, and an EPSS score of less than 1\u202f%, suggesting a relatively low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. The impact is limited to scenarios where a Btrfs volume experiences space pressure and fails to allocate an inline extent. An attacker with local or remote access who can trigger writes to the affected volume could potentially force the filesystem into a state that generates errors or denial of service, but the exploit requires the specific failure conditions described above.", "risk_and_exploitability": "The CVSS rating of 7.0 reflects the potential for data integrity loss and service disruption. Due to the low EPSS score, widespread exploitation is unlikely, although local users could unintentionally trigger the failure by exhausting space on a Btrfs volume. The absence of a KEV listing indicates no known active exploitation. The issue does not allow arbitrary code execution; its primary risk is denial of service or incorrect quota accounting as the system over\u2011allocates or loses track of reserved space."}}}}, "created": "2026-03-19T08:56:14.312618+00:00", "updated": "2026-03-26T12:21:00.705132+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-399"]}