CVE-2026-23181

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's btrfs file system related to block size synchronization during mount operations. Specifically, when a btrfs file system is mounted, the block device may not be set correctly, leading to inconsistencies in block size or mapping flags before and after folio allocation. This occurs when the BLKBSZSET command is used to modify the block size of the block device. The issue can trigger a VM BUG ON FOLIO assertion or a null pointer dereference in create empty buffers(). The root cause is a lack of synchronization between the BLKBSZSET command and read cache page operations based on the inode. The mapping min folio order() function is affected by the block size change, leading to incorrect folio allocation. The do read cache folio() function allocates a folio before the BLKBSZSET command is executed, which can cause issues when the block size is subsequently increased.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.