CVE-2026-23214

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc5-00002-gb71e635feefc

Description The Btrfs file system in the Linux kernel allows new transactions even when the file system is read-only. This behavior can lead to warnings and potential issues during unmount when the file system is heavily corrupted and mounted with rescue options, as it can trigger new transactions during inode eviction. The issue arises because Btrfs permits transactions for log replay even on read-only mounts, similar to ext4 and XFS. However, when rescue mount options are used, the file system is fully read-only and cannot be remounted read-write, so new transactions should be rejected.

Recommendations Update the Linux kernel to version 6.19.0-rc5-00002-gb71e635feefc or a later version to address this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-77877

CVE-2026-23214

ECHO-8E6C-5490-7938

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1041-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Btrfs

Linux Kernel

Ubuntu

Xfs

Ext4

CVE-2026-23214

Related Identifiers

Affected Products

References · 1782