Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-08T00:00:00 kernel: btrfs: fix transaction abort on set received ioctl due to item overflow 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-770

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction since we did some metadata updates before. This means that if a user calls this ioctl with the same received UUID field for a lot of subvolumes, we will hit the overflow, trigger the transaction abort and turn the filesystem into RO mode. A malicious user could exploit this, and this ioctl does not even requires that a user has admin privileges (CAP_SYS_ADMIN), only that he/she owns the subvolume. Fix this by doing an early check for item overflow before starting a transaction. This is also race safe because we are holding the subvol_sem semaphore in exclusive (write) mode. A test case for fstests will follow soon.

A flaw was found in the Linux kernel's Btrfs file system. A local malicious user, who owns a subvolume, can exploit an item overflow vulnerability when repeatedly calling the `set received ioctl` with the same received UUID field for multiple subvolumes. This can trigger a transaction abort, leading to the file system being mounted in read-only mode, effectively causing a Denial of Service (DoS).

Red Hat acknowledges the upstream Linux kernel correction for «btrfs» as described in COMMENT_ZERO. Fixes are delivered through standard kernel errata for supported products. Operational exposure depends on whether this subsystem or driver is active in your configuration. To mitigate this issue, prevent the btrfs module from being loaded. See https://access.redhat.com/solutions/41278 for instructions. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43359 https://nvd.nist.gov/vuln/detail/CVE-2026-43359 https://lore.kernel.org/linux-cve-announce/2026050825-CVE-2026-43359-ec41@gregkh/T