CVE & CISA-KEV Catalog

CVE-2026-23214

HIGH
8.4
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions if the fs is fully read-only [BUG] There is a bug report where a heavily fuzzed fs is mounted with all rescue mount options, which leads to the following warnings during unmount: BTRFS: Transaction aborted (error -22) Modules linked in: CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline] RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611 Call Trace: <TASK> btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705 btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157 btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517 btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708 btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130 btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499 btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628 evict+0x5f4/0xae0 fs/inode.c:837 __dentry_kill+0x209/0x660 fs/dcache.c:670 finish_dput+0xc9/0x480 fs/dcache.c:879 shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661 generic_shutdown_super+0x67/0x2c0 fs/super.c:621 kill_anon_super+0x3b/0x70 fs/super.c:1289 btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127 deactivate_locked_super+0xbc/0x130 fs/super.c:474 cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318 task_work_run+0x1d4/0x260 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x694/0x22f0 kernel/exit.c:971 do_group_exit+0x21c/0x2d0 kernel/exit.c:1112 __do_sys_exit_group kernel/exit.c:1123 [inline] __se_sys_exit_group kernel/exit.c:1121 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x44f639 Code: Unable to access opcode bytes at 0x44f60f. RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 </TASK> Since rescue mount options will mark the full fs read-only, there should be no new transaction triggered. But during unmount we will evict all inodes, which can trigger a new transaction, and triggers warnings on a heavily corrupted fs. [CAUSE] Btrfs allows new transaction even on a read-only fs, this is to allow log replay happen even on read-only mounts, just like what ext4/xfs do. However with rescue mount options, the fs is fully read-only and cannot be remounted read-write, thus in that case we should also reject any new transactions. [FIX] If we find the fs has rescue mount options, we should treat the fs as error, so that no new transaction can be started.

How to fix

Remediation Available
linuxDebian
Fixed in:6.12.73-1CVE-2026-23214
Fixed in:6.18.10-1CVE-2026-23214
linuxUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-awsUbuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-aws-fipsUbuntu
Fixed in:6.8.0-1055.58+fips1USN-8278-1
linux-azureUbuntu
Fixed in:6.8.0-1056.62USN-8278-2
linux-azure-6.8Ubuntu
Fixed in:6.8.0-1059.65~22.04.1USN-8440-1
linux-azure-fipsUbuntu
Fixed in:6.8.0-1059.65+fips1USN-8393-1
linux-fipsUbuntu
Fixed in:6.8.0-116.116+fips1USN-8296-1
linux-gcpUbuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-gcp-fipsUbuntu
Fixed in:6.8.0-1058.61+fips1USN-8278-1
linux-gkeUbuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-gkeopUbuntu
Fixed in:6.8.0-1041.44USN-8278-1
linux-ibmUbuntu
Fixed in:6.8.0-1055.56USN-8278-1
linux-ibm-6.8Ubuntu
Fixed in:6.8.0-1055.56~22.04.1USN-8278-1
linux-image-6.8.0-1024-nvidia-tegraUbuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-image-6.8.0-1024-nvidia-tegra-rtUbuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-image-6.8.0-1032-xilinxUbuntu
Fixed in:6.8.0-1032.33USN-8499-1
linux-image-6.8.0-1041-gkeopUbuntu
Fixed in:6.8.0-1041.44USN-8278-1
linux-image-6.8.0-1054-gkeUbuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-image-6.8.0-1054-gke-64kUbuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-image-6.8.0-1054-nvidiaUbuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
Fixed in:6.8.0-1054.57USN-8289-1
linux-image-6.8.0-1054-nvidia-64kUbuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
Fixed in:6.8.0-1054.57USN-8289-1
linux-image-6.8.0-1054-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-image-6.8.0-1054-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-image-6.8.0-1055-awsUbuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-image-6.8.0-1055-aws-64kUbuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-image-6.8.0-1055-aws-fipsUbuntu
Fixed in:6.8.0-1055.58+fips1USN-8278-1
linux-image-6.8.0-1055-ibmUbuntu
Fixed in:6.8.0-1055.56~22.04.1USN-8278-1
Fixed in:6.8.0-1055.56USN-8278-1
linux-image-6.8.0-1056-azureUbuntu
Fixed in:6.8.0-1056.62USN-8278-2
linux-image-6.8.0-1056-raspiUbuntu
Fixed in:6.8.0-1056.60USN-8278-1
linux-image-6.8.0-1058-gcpUbuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-image-6.8.0-1058-gcp-64kUbuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-image-6.8.0-1058-gcp-fipsUbuntu
Fixed in:6.8.0-1058.61+fips1USN-8278-1
linux-image-6.8.0-1059-azureUbuntu
Fixed in:6.8.0-1059.65~22.04.1USN-8440-1
linux-image-6.8.0-1059-azure-fipsUbuntu
Fixed in:6.8.0-1059.65+fips1USN-8393-1
linux-image-6.8.0-116-fipsUbuntu
Fixed in:6.8.0-116.116+fips1USN-8296-1
linux-image-6.8.0-117-genericUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-6.8.0-117-generic-64kUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-6.8.0-117-lowlatencyUbuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
Fixed in:6.8.0-117.117.1USN-8278-1
linux-image-6.8.0-117-lowlatency-64kUbuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
Fixed in:6.8.0-117.117.1USN-8278-1
linux-image-6.8.0-2045-raspi-realtimeUbuntu
Fixed in:6.8.0-2045.46USN-8278-1
linux-image-6.8.1-1051-realtimeUbuntu
Fixed in:6.8.1-1051.52~22.04.1USN-8278-1
Fixed in:6.8.1-1051.52USN-8278-1
linux-image-aws-6.8Ubuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-image-aws-64k-6.8Ubuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-image-aws-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-image-aws-fipsUbuntu
Fixed in:6.8.0-1055.58+fips1USN-8278-1
linux-image-aws-fips-6.8Ubuntu
Fixed in:6.8.0-1055.58+fips1USN-8278-1
linux-image-aws-lts-24.04Ubuntu
Fixed in:6.8.0-1055.58USN-8278-1
linux-image-azureUbuntu
Fixed in:6.8.0-1059.65~22.04.1USN-8440-1
linux-image-azure-6.8Ubuntu
Fixed in:6.8.0-1059.65~22.04.1USN-8440-1
Fixed in:6.8.0-1056.62USN-8278-2
linux-image-azure-fipsUbuntu
Fixed in:6.8.0-1059.65+fips1USN-8393-1
linux-image-azure-fips-6.8Ubuntu
Fixed in:6.8.0-1059.65+fips1USN-8393-1
linux-image-azure-lts-24.04Ubuntu
Fixed in:6.8.0-1056.62USN-8278-2
linux-image-fipsUbuntu
Fixed in:6.8.0-116.116+fips1USN-8296-1
linux-image-fips-6.8Ubuntu
Fixed in:6.8.0-116.116+fips1USN-8296-1
linux-image-gcp-6.8Ubuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-image-gcp-64k-6.8Ubuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-image-gcp-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-image-gcp-fipsUbuntu
Fixed in:6.8.0-1058.61+fips1USN-8278-1
linux-image-gcp-fips-6.8Ubuntu
Fixed in:6.8.0-1058.61+fips1USN-8278-1
linux-image-gcp-lts-24.04Ubuntu
Fixed in:6.8.0-1058.61USN-8278-1
linux-image-genericUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-generic-6.8Ubuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-generic-64kUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-generic-64k-6.8Ubuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-generic-lpaeUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-gkeUbuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-image-gke-6.8Ubuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-image-gke-64kUbuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-image-gke-64k-6.8Ubuntu
Fixed in:6.8.0-1054.60USN-8278-1
linux-image-gkeopUbuntu
Fixed in:6.8.0-1041.44USN-8278-1
linux-image-gkeop-6.8Ubuntu
Fixed in:6.8.0-1041.44USN-8278-1
linux-image-ibmUbuntu
Fixed in:6.8.0-1055.56USN-8278-1
linux-image-ibm-6.8Ubuntu
Fixed in:6.8.0-1055.56~22.04.1USN-8278-1
Fixed in:6.8.0-1055.56USN-8278-1
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1055.56USN-8278-1
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1055.56USN-8278-1
linux-image-intel-iot-realtimeUbuntu
Fixed in:6.8.1-1051.52USN-8278-1
linux-image-intel-iotgUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-kvmUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-lowlatencyUbuntu
Fixed in:6.8.0-117.117.1USN-8278-1
linux-image-lowlatency-6.8Ubuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
Fixed in:6.8.0-117.117.1USN-8278-1
linux-image-lowlatency-64kUbuntu
Fixed in:6.8.0-117.117.1USN-8278-1
linux-image-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
Fixed in:6.8.0-117.117.1USN-8278-1
linux-image-lowlatency-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
linux-image-lowlatency-hwe-22.04Ubuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
linux-image-nvidiaUbuntu
Fixed in:6.8.0-1054.57USN-8289-1
linux-image-nvidia-6.8Ubuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
Fixed in:6.8.0-1054.57USN-8289-1
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1054.57USN-8289-1
linux-image-nvidia-64k-6.8Ubuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
Fixed in:6.8.0-1054.57USN-8289-1
linux-image-nvidia-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
linux-image-nvidia-hwe-22.04Ubuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
linux-image-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-image-nvidia-lowlatency-6.8Ubuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-image-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-image-nvidia-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-image-nvidia-tegraUbuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-image-nvidia-tegra-6.8Ubuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-image-nvidia-tegra-rtUbuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-image-nvidia-tegra-rt-6.8Ubuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-image-raspiUbuntu
Fixed in:6.8.0-1056.60USN-8278-1
linux-image-raspi-6.8Ubuntu
Fixed in:6.8.0-1056.60USN-8278-1
linux-image-raspi-realtimeUbuntu
Fixed in:6.8.0-2045.46USN-8278-1
linux-image-raspi-realtime-6.8Ubuntu
Fixed in:6.8.0-2045.46USN-8278-1
linux-image-realtimeUbuntu
Fixed in:6.8.1-1051.52USN-8278-1
linux-image-realtime-6.8.1Ubuntu
Fixed in:6.8.1-1051.52~22.04.1USN-8278-1
Fixed in:6.8.1-1051.52USN-8278-1
linux-image-realtime-hwe-22.04Ubuntu
Fixed in:6.8.1-1051.52~22.04.1USN-8278-1
linux-image-virtualUbuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-virtual-6.8Ubuntu
Fixed in:6.8.0-117.117USN-8278-1
linux-image-xilinxUbuntu
Fixed in:6.8.0.1032.33USN-8499-1
linux-image-xilinx-6.8Ubuntu
Fixed in:6.8.0.1032.33USN-8499-1
linux-image-xilinx-zynqmpUbuntu
Fixed in:6.8.0.1032.33USN-8499-1
linux-lowlatencyUbuntu
Fixed in:6.8.0-117.117.1USN-8278-1
linux-lowlatency-hwe-6.8Ubuntu
Fixed in:6.8.0-117.117.1~22.04.1USN-8278-1
linux-nvidiaUbuntu
Fixed in:6.8.0-1054.57USN-8289-1
linux-nvidia-6.8Ubuntu
Fixed in:6.8.0-1054.57~22.04.1USN-8289-2
linux-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1054.57.1USN-8289-1
linux-nvidia-tegraUbuntu
Fixed in:6.8.0-1024.24USN-8296-2
linux-raspiUbuntu
Fixed in:6.8.0-1056.60USN-8278-1
linux-raspi-realtimeUbuntu
Fixed in:6.8.0-2045.46USN-8278-1
linux-realtimeUbuntu
Fixed in:6.8.1-1051.52USN-8278-1
linux-realtime-6.8Ubuntu
Fixed in:6.8.1-1051.52~22.04.1USN-8278-1
linux-xilinxUbuntu
Fixed in:6.8.0-1032.33USN-8499-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.11%probability of exploitation in 30 days
2ndpercentile

Low risk: more likely to be exploited than 2% of all known CVEs.

References

Embed a live status badge for CVE-2026-23214
CVE-2026-23214 severity badge

Markdown

[![CVE-2026-23214](https://tridentstack.com/cve/badge/CVE-2026-23214.svg)](https://tridentstack.com/cve/CVE-2026-23214)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-23214"><img src="https://tridentstack.com/cve/badge/CVE-2026-23214.svg" alt="CVE-2026-23214"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-18.