CVE-2026-23423

Published: Apr 3, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it is picked up by btrfs_uring_read_finished() whenever that executes in the future. But that's just the happy path. Along the way previous allocations might have gone wrong, or we might not get -EIOCBQUEUED from btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a cleanup section that frees all memory allocated by this function without assuming any deferred execution, and this also needs to happen for the 'pages' allocation.

Vendor	Product	Versions
Linux	Linux	affected `34310c442e175f286b4c06ab5caa4e0b267ea31c - < d4f210de01eaccac61eee657f676045ef9771d07` affected `34310c442e175f286b4c06ab5caa4e0b267ea31c - < 628895890b0c9ac9129129e89455da7db95ba343` affected `34310c442e175f286b4c06ab5caa4e0b267ea31c - < 3f501412f2079ca14bf68a18d80a2b7a823f1f64`
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.18.17 - <= 6.18.` unaffected `6.19.7 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/d4f210de01eaccac61eee657f676045ef9771d07

https://git.kernel.org/stable/c/628895890b0c9ac9129129e89455da7db95ba343

https://git.kernel.org/stable/c/3f501412f2079ca14bf68a18d80a2b7a823f1f64

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23423

Description

Affected Products

References