CVE-2025-71269

MEDIUM

btrfs: do not free data reservation in fallback from inline due to -ENOSPC

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret is <= 0).

References (5)

Core 5

Core References

https://git.kernel.org/stable/c/3edd1f6c7c520536b62b2904807033597554dbac

https://git.kernel.org/stable/c/3a9fd45afadec1fbfec72057b9473d509fa8b68c

https://git.kernel.org/stable/c/0a1fbbd780f04d1b6cf48dd327c866ba937de1c4

https://git.kernel.org/stable/c/6de3a371a8b9fd095198b1aa68c22cc10a4c6961

https://git.kernel.org/stable/c/f8da41de0bff9eb1d774a7253da0c9f637c4470a

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (17)

linux/Kernel 4.4.0 - 6.18.10linux

Linux/Linux < 4.4

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 6de3a371a8b9fd095198b1aa68c22cc10a4c6961

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - f8da41de0bff9eb1d774a7253da0c9f637c4470a

Linux/Linux 4.4

Linux/Linux 6.1.168 - 6.1.*

Linux/Linux 6.12.81 - 6.12.*

Linux/Linux 6.18.10 - 6.18.*

Linux/Linux 6.19

Linux/Linux 6.6.134 - 6.6.*

... and 7 more

Published Mar 18, 2026

Tracked Since Mar 18, 2026