Hanatok

#50250de 53,630
4.7 CVSS total
Vulnerabilities · 1
PT-2023-9419
4.7
2023-01-11
Linux · Linux Kernel · CVE-2023-52897
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 6.1

**Description**

The vulnerability is in the qgroup component of the Linux kernel (btrfs) and is classed as a resource management error. Exploitation can lead to a denial of service. The issue arises from the introduction of the NO_ACCOUNTING flag, which can leave some qgroup records without a valid old_roots ulist. Normally this is fine, but during a qgroup rescan the NO_ACCOUNTING flag is cleared and the current transaction is committed, which triggers a WARN_ON() in btrfs_qgroup_account_extents().

**Recommendations**

To resolve the issue, update the Linux kernel to a version that includes the fix for the qgroup vulnerability. Specifically, for Linux kernel versions prior to 6.1, update to version 6.1 or later. As a temporary workaround, consider disabling the `btrfs_qgroup_account_extents()` function until a patch is available. Restrict access to the vulnerable `btrfs_qgroup_rescan()` module to minimize the risk of exploitation. Avoid using the `old_roots` parameter in the affected API endpoint until the issue is resolved.