CVE-2026-43117
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash.
Use file_inode(file)->i_sb to always get btrfs_sb.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In btrfs tracepoints, using dentry->d_sb instead of file_inode(file)->i_sb causes a crash when overlayfs is mounted on btrfs, leading to a kernel crash.
Vulnerability
The btrfs tracepoint event btrfs_sync_file() misuses dentry->d_sb to obtain the filesystem's superblock. When overlayfs is layered on top of btrfs, dentry->d_sb points to the overlay's superblock instead of the btrfs superblock, resulting in an invalid fsid assignment and a kernel crash.
Exploitation
An attacker can trigger this vulnerability by mounting an overlay filesystem over a btrfs mount and then performing a filesystem sync (e.g., via fsync()) on a file. No special privileges are required beyond the ability to mount filesystems and execute file operations. The crash occurs during the tracepoint execution, making it accessible to any user who can trigger the btrfs_sync_file() tracepoint under the overlay.
Impact
Successful exploitation leads to a denial of service (kernel crash), rendering the system unavailable. No evidence of data corruption or privilege escalation has been reported; the primary impact is on system availability.
Mitigation
The fix replaces dentry->d_sb with file_inode(file)->i_sb, which always returns the correct btrfs superblock. The patch has been committed to the stable kernel tree (see reference [1]). Users should update to the latest kernel version to remediate the issue.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.8,<6.6.136
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/2e4adfaec97ee053ad1bdfb5036845e66f7e0d8anvdPatch
- git.kernel.org/stable/c/32372781d664a9b03c40343e96c29d0a6139f97dnvdPatch
- git.kernel.org/stable/c/a85b46db143fda5869e7d8df8f258ccef5fa1719nvdPatch
- git.kernel.org/stable/c/c09a7446aab5773f38d6abb25fce99b8e1dfbc97nvdPatch
- git.kernel.org/stable/c/d110d7cdb045715c0b45b0dfd974525bb38f653dnvdPatch
News mentions
0No linked articles in our index yet.