CVE-2026-23465
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: log new dentries when logging parent dir of a conflicting inode
If we log the parent directory of a conflicting inode, we are not logging the new dentries of the directory, so when we finish we have the parent directory's inode marked as logged but we did not log its new dentries. As a consequence if the parent directory is explicitly fsynced later and it does not have any new changes since we logged it, the fsync is a no-op and after a power failure the new dentries are missing.
Example scenario:
$ mkdir foo
$ sync
$rmdir foo
$ mkdir dir1 $ mkdir dir2
# A file with the same name and parent as the directory we just deleted # and was persisted in a past transaction. So the deleted directory's # inode is a conflicting inode of this new file's inode. $ touch foo
$ ln foo dir2/link
# The fsync on dir2 will log the parent directory (".") because the # conflicting inode (deleted directory) does not exists anymore, but it # it does not log its new dentries (dir1). $ xfs_io -c "fsync" dir2
# This fsync on the parent directory is no-op, since the previous fsync # logged it (but without logging its new dentries). $ xfs_io -c "fsync" .
# After log replay dir1 is missing.
Fix this by ensuring we log new dir dentries whenever we log the parent directory of a no longer existing conflicting inode.
A test case for fstests will follow soon.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In btrfs, logging a parent directory of a conflicting inode fails to log new dentries, leading to data loss after power failure.
Vulnerability
CVE-2026-23465 is a bug in the Linux kernel's btrfs filesystem. When logging the parent directory of a conflicting inode (an inode that no longer exists), the code does not log new dentries of that directory. This means the parent directory's inode is marked as logged, but its new dentries are not recorded in the log.
Exploitation
An attacker with local access can trigger this by creating a scenario similar to the example: create a directory, sync, delete it, then create a file with the same name and parent, and create a hard link to that file in another directory. Fsyncing the second directory triggers logging of the parent directory without its new dentries. Later, if the parent directory is explicitly fsynced, it is a no-op because it is already marked logged, but the new dentries remain absent. After a power failure, log replay will miss those dentries.
Impact
Successful exploitation results in missing files or directories after a crash, leading to data loss. In the example, directory 'dir1' disappears. The vulnerability affects btrfs filesystem operations and can cause silent data corruption.
Mitigation
The fix has been committed to the Linux kernel stable tree [1]. Users should update to a kernel version containing the commit (e.g., 6f5a51969b1d). No workaround is available; applying the patch is necessary.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/1cf30c73602c69d750c9345c47f2c0e9d0cfb578nvdPatch
- git.kernel.org/stable/c/56e72c8b02d982be775d9df025357c152383ee84nvdPatch
- git.kernel.org/stable/c/6f5a51969b1deb79aefd2194b48fe7e78e72ff7envdPatch
- git.kernel.org/stable/c/9573a365ff9ff45da9222d3fe63695ce562beb24nvdPatch
- git.kernel.org/stable/c/f556b1e09d054e31f464c0fd37280c2b5a393feenvdPatch
News mentions
0No linked articles in our index yet.