CVE-2026-43046

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc2-next-20260310

Description An issue exists in the btrfs file system where the kernel fails to validate the root item invariant when reading it from disk. Specifically, if drop progress.objectid is non-zero, the drop level must also be non-zero. On-disk corruption can lead to an invalid state where drop progress.objectid is non-zero but drop level is zero. When relocation recovery processes such an item, the merge reloc root() and btrfs drop snapshot() functions trigger a kernel BUG due to the BUG ON(level == 0) guard.

Recommendations Update the Linux kernel to version 7.0.0-rc2-next-20260310 or later to ensure malformed metadata is rejected with -EUCLEAN before reaching the vulnerable functions.