CVE-2026-31666

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the btrfs component where the lookup extent data ref() function returns an incorrect value after changing a leaf. Specifically, when btrfs next leaf() returns 0, the ret variable is overwritten from -ENOENT to 0. If the first key in the subsequent leaf does not match the required objectid or type, the function returns 0 instead of -ENOENT. This causes the caller to incorrectly assume the lookup succeeded, which may lead to operations on the wrong extent tree item and potential extent tree corruption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.