CVE-2026-23423

Source
https://cve.org/CVERecord?id=CVE-2026-23423
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23423.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23423
Downstream
Published
2026-04-03T13:24:31.966Z
Modified
2026-07-15T01:49:12.268128334Z
Summary
btrfs: free pages on error in btrfs_uring_read_extent()
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: free pages on error in btrfsuringread_extent()

In this function the 'pages' object is never freed in the hopes that it is picked up by btrfsuringreadfinished() whenever that executes in the future. But that's just the happy path. Along the way previous allocations might have gone wrong, or we might not get -EIOCBQUEUED from btrfsencodedreadregularfillpages(). In all these cases, we go to a cleanup section that frees all memory allocated by this function without assuming any deferred execution, and this also needs to happen for the 'pages' allocation.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23423.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
34310c442e175f286b4c06ab5caa4e0b267ea31c
Fixed
d4f210de01eaccac61eee657f676045ef9771d07
Fixed
628895890b0c9ac9129129e89455da7db95ba343
Fixed
3f501412f2079ca14bf68a18d80a2b7a823f1f64

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23423.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.17
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23423.json"