CVE-2026-23036

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the btrfs subsystem related to inode handling. Specifically, in btrfs read locked inode(), if inode lookup fails, a path with a read-locked leaf is released before iget failed() is called. This can lead to a deadlock situation involving inode eviction and updates to the subvolume btree. A lockdep splat was reported by Syzbot, indicating a potential circular locking dependency. The issue arises when releasing a delayed node's mutex while a task is already holding a lock on the btrfs tree. This can occur during inode eviction, which requires locking the delayed inode's mutex, while a task updating a delayed inode starts by taking the node's mutex and modifying the inode's subvolume btree.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.