{"id":"CVE-2026-23423","summary":"btrfs: free pages on error in btrfs_uring_read_extent()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: free pages on error in btrfs_uring_read_extent()\n\nIn this function the 'pages' object is never freed in the hopes that it is\npicked up by btrfs_uring_read_finished() whenever that executes in the\nfuture. But that's just the happy path. Along the way previous\nallocations might have gone wrong, or we might not get -EIOCBQUEUED from\nbtrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a\ncleanup section that frees all memory allocated by this function without\nassuming any deferred execution, and this also needs to happen for the\n'pages' allocation.","modified":"2026-07-15T01:49:12.268128334Z","published":"2026-04-03T13:24:31.966Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23423.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3f501412f2079ca14bf68a18d80a2b7a823f1f64"},{"type":"WEB","url":"https://git.kernel.org/stable/c/628895890b0c9ac9129129e89455da7db95ba343"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d4f210de01eaccac61eee657f676045ef9771d07"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23423.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23423"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"34310c442e175f286b4c06ab5caa4e0b267ea31c"},{"fixed":"d4f210de01eaccac61eee657f676045ef9771d07"},{"fixed":"628895890b0c9ac9129129e89455da7db95ba343"},{"fixed":"3f501412f2079ca14bf68a18d80a2b7a823f1f64"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23423.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23423.json"}}],"schema_version":"1.7.5"}