Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it is picked up by btrfs_uring_read_finished() whenever that executes in the future. But that's just the happy path. Along the way previous allocations might have gone wrong, or we might not get -EIOCBQUEUED from btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a cleanup section that frees all memory allocated by this function without assuming any deferred execution, and this also needs to happen for the 'pages' allocation.

INFO

Published Date :

2026-04-03T13:24:31.966Z

Last Modified :

2026-04-03T13:24:31.966Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23423 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23423.

URL Resource
https://git.kernel.org/stable/c/3f501412f2079ca14bf68a18d80a2b7a823f1f64 cve-icon cve-icon
https://git.kernel.org/stable/c/628895890b0c9ac9129129e89455da7db95ba343 cve-icon cve-icon
https://git.kernel.org/stable/c/d4f210de01eaccac61eee657f676045ef9771d07 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026040304-CVE-2026-23423-96fa@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23423 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23423 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact