From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2026-43358: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer()
Date: Fri, 8 May 2026 16:21:27 +0200
Message-ID: <2026050825-CVE-2026-43358-4b09@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer()

Call rcu_read_lock() before exiting the loop in
try_release_subpage_extent_buffer() because there is a rcu_read_unlock()
call past the loop.

This has been detected by the Clang thread-safety analyzer.

The Linux kernel CVE team has assigned CVE-2026-43358 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 6.17 with commit ad580dfa388fabb52af033e3f8cc5d04be985e54 and fixed in 6.18.19 with commit 5e1ab71f74a1e61f1254dff128a764fdebaec0b8
	Issue introduced in 6.17 with commit ad580dfa388fabb52af033e3f8cc5d04be985e54 and fixed in 6.19.9 with commit 35b0c8768e848e1b7e32052db36b5fa59b6a33a1
	Issue introduced in 6.17 with commit ad580dfa388fabb52af033e3f8cc5d04be985e54 and fixed in 7.0 with commit b2840e33127ce0eea880504b7f133e780f567a9b
	Issue introduced in 6.16.4 with commit 10ec363cfefeeb77fda4c1ac20a531f21de45264

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-43358
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	fs/btrfs/extent_io.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/5e1ab71f74a1e61f1254dff128a764fdebaec0b8
	https://git.kernel.org/stable/c/35b0c8768e848e1b7e32052db36b5fa59b6a33a1
	https://git.kernel.org/stable/c/b2840e33127ce0eea880504b7f133e780f567a9b
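
The ranges listed under "Affected and fixed versions", turned into a check for an upstream kernel release string. This is an added example, not part of the announcement; the function names and status strings are assumptions. Vendor kernels that backport fixes without changing the upstream version number cannot be classified this way.

```python
import re

# Transcribed from the announcement's "Affected and fixed versions" list.
# First affected patch level per stable branch that has no fix listed.
FIRST_AFFECTED = {(6, 16): 4, (6, 17): 0}   # 6.16.4 backport, 6.17 mainline
# First fixed patch level per stable branch that received the fix.
FIRST_FIXED = {(6, 18): 19, (6, 19): 9}     # 6.18.19 and 6.19.9
FIXED_MAINLINE = (7, 0)                     # fixed in 7.0


def parse_release(release):
    """Parse a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def cve_2026_43358_status(release):
    """Return 'affected', 'fixed', 'not affected' or 'unknown'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    # A 7.0 release candidate may predate the fix commit, so do not guess.
    if branch == FIXED_MAINLINE and re.search(r"-rc\d+", release):
        return "unknown"
    if branch >= FIXED_MAINLINE:
        return "fixed"
    if branch in FIRST_FIXED:
        return "fixed" if patch >= FIRST_FIXED[branch] else "affected"
    if branch in FIRST_AFFECTED:
        # No fix is listed for these branches in the announcement.
        return "affected" if patch >= FIRST_AFFECTED[branch] else "not affected"
    if branch < (6, 16):
        return "not affected"
    # A branch the announcement does not mention.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from the announcement.
    for rel in ("6.12.40", "6.16.4", "6.17.8-generic", "6.18.18", "6.19.9"):
        print(f"{rel:16} {cve_2026_43358_status(rel)}")
```

Re-check the table against the CVE record before relying on it, since the announcement states that the fixed versions change as backports land.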