CVE-2026-23181: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 4.7 MEDIUM (no vector)
EPSS: 0.0% (top 92.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: sync read disk super and set block size

When the user performs a btrfs mount, the block device is not set correctly. The user sets the block size of the block device to 0x4000 by executing the BLKBSZSET command. Since the block size change also changes the mapping->flags value, this further affects the result of the mapping_min_folio_order() calculation.

Let's analyze the following two scenarios:

Scenario 1: Without e

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.15.0 | 6.18.10
Debian | linux/linux_kernel | < 6.18.10-1
CVEListV5 | linux/linux | 3c20917120ce61f2a123ca0810293872f4c6b5a4 | ccb3c75d57039adb3170ae54a0d470e359705984 | +2
debian | debian/linux | < linux 6.18.10-1 (forky)

🔴 Vulnerability Details (3)

OSV: btrfs: sync read disk super and set block size (2026-02-14)
GHSA: GHSA-4fxm-jm89-7f7q: In the Linux kernel, the following vulnerability has been resolved: btrfs: sync read disk super and set block size When the user performs a btrfs mo (2026-02-14)
OSV: CVE-2026-23181: In the Linux kernel, the following vulnerability has been resolved: btrfs: sync read disk super and set block size When the user performs a btrfs moun (2026-02-14)

📋 Vendor Advisories (2)

Red Hat: kernel: btrfs: sync read disk super and set block size (2026-02-14)
Debian: CVE-2026-23181: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: sync... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23181 Impact, Exploitability, and Mitigation Steps | Wiz