CVE-2026-31519

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the btrfs file system where the BTRFS ROOT ORPHAN CLEANUP bit is not set during subvolume creation in the create subvol() function. This can lead to a race condition between lookup operations and delayed iputs, resulting in the creation of negative dentries for valid subvolumes. This state causes subvolumes to appear as broken dentries, where listing the parent directory or performing a stat operation fails. Consequently, attempting to delete the subvolume fails with an ENOENT error, while creating a new file or subvolume over it results in an EEXIST error or a file system abort. The issue is triggered when btrfs orphan cleanup() fails and btrfs lookup dentry() returns -ENOENT, leading to a negative dentry via d splice alias().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.