PatchSiren

CVE-2026-43393 Linux CVE debrief

A memory leak vulnerability exists in the Btrfs filesystem implementation within the Linux kernel. Specifically, the `btrfs_map_block()` function fails to release a chunk map object when an early return with `-EINVAL` occurs after calling `btrfs_chunk_map_num_copies()`. This flaw leads to resource exhaustion over time, potentially causing system instability or denial of service conditions on affected systems utilizing Btrfs.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-26
Advisory published: 2026-05-08
Advisory updated: 2026-05-26

Who should care

System administrators and security teams managing Linux servers and workstations utilizing the Btrfs filesystem, particularly those running affected kernel versions in production environments where long-term stability is critical. Cloud infrastructure operators and container platform maintainers should prioritize patching due to potential multi-tenant impact from resource exhaustion.

Technical summary

The vulnerability resides in `fs/btrfs/volumes.c` within the `btrfs_map_block()` function. When mapping a block, the function looks up a chunk map via `btrfs_chunk_map_lookup()` and subsequently calls `btrfs_chunk_map_num_copies()` to determine redundancy information. If this call returns an error (`-EINVAL`), the function returns early without decrementing the chunk map's reference count via `btrfs_chunk_map_put()`, resulting in a reference count leak. Over repeated operations, this leak can exhaust kernel memory and degrade system availability. The fix ensures proper cleanup by releasing the chunk map reference before all error return paths.
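
The leak pattern described above, reduced to a userspace C model. This is an added example, not the kernel source or the upstream patch; `struct chunk_map`, its `profile` field, `map_lookup()`, `map_put()`, `num_copies()` and the two `map_block_*()` functions are hypothetical stand-ins for the Btrfs functions named in the summary.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model (added example): stand-in for a refcounted chunk map. */
struct chunk_map {
    int refs;    /* 1 = held only by the owning tree */
    int profile; /* constructed field: 0 = valid, else unknown */
};

/* Hands the caller a reference, as btrfs_chunk_map_lookup() is described. */
static struct chunk_map *map_lookup(struct chunk_map *m) { m->refs++; return m; }

/* Drops the caller's reference, the role of btrfs_chunk_map_put(). */
static void map_put(struct chunk_map *m) { m->refs--; }

/* Stand-in for btrfs_chunk_map_num_copies(): fails with -EINVAL. */
static int num_copies(const struct chunk_map *m)
{
    return m->profile == 0 ? 2 : -EINVAL;
}

/* Leaky shape: the early error return skips the put. */
int map_block_leaky(struct chunk_map *entry)
{
    struct chunk_map *map = map_lookup(entry);
    int copies = num_copies(map);

    if (copies < 0)
        return copies; /* reference from map_lookup() is never dropped */
    map_put(map);
    return 0;
}

/* Fixed shape: the reference is released on the error path too. */
int map_block_fixed(struct chunk_map *entry)
{
    struct chunk_map *map = map_lookup(entry);
    int ret = num_copies(map);

    map_put(map);
    return ret < 0 ? ret : 0;
}

int main(void)
{
    struct chunk_map leaky = { 1, 7 }, fixed = { 1, 7 }; /* constructed bad profile */
    for (int i = 0; i < 1000; i++) { map_block_leaky(&leaky); map_block_fixed(&fixed); }
    printf("leaky refs=%d fixed refs=%d\n", leaky.refs, fixed.refs);
    return 0;
}
```

Each failed call through the leaky shape leaves the count one higher, so the object can never reach zero and be freed, which is the accumulation the summary describes.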

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates to patched versions: 6.12.78 or later for 6.12.x series, 6.18.19 or later for 6.13.x series, 6.19.9 or later for 6.19.x series, or 7.0-rc3 or later for 7.0 development kernels
  • Monitor systems running Btrfs filesystems for signs of memory pressure or resource exhaustion
  • Review kernel changelogs for backported fixes if running distribution-maintained kernel packages
  • Consider restricting untrusted local access to systems where immediate patching is not feasible

Evidence notes

The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). Affected kernel versions include 6.12.x prior to 6.12.78, 6.13.x prior to 6.18.19, 6.19.x prior to 6.19.9, and 7.0 release candidates rc1 and rc2. The CVSS 3.1 vector indicates a local attack vector with low attack complexity, requiring low privileges and no user interaction, resulting in high availability impact.

Official resources

2026-05-08T15:16:50.693Z