CVE-2026-23147

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration [BUG] After commit aa60fe12b4f4 ("btrfs: zlib: refactor S390x HW acceleration buffer preparation"), we no longer release the folio of the page cache of folio returned by btrfs_compress_filemap_get_folio() for S390 hardware acceleration path. [CAUSE] Before that commit, we call kumap_local() and folio_put() after handling each folio. Although the timing is not ideal (it release previous folio at the beginning of the loop, and rely on some extra cleanup out of the loop), it at least handles the folio release correctly. Meanwhile the refactored code is easier to read, it lacks the call to release the filemap folio. [FIX] Add the missing folio_put() for copy_data_into_buffer().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0d0f1314e8f86f5205f71f9e31e272a1d008e40b	Patch
https://git.kernel.org/stable/c/e80617a5e1c246da2f112a1a072cdd535046adfe	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::

History

17 Mar 2026, 21:12

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/0d0f1314e8f86f5205f71f9e31e272a1d008e40b -~~	() https://git.kernel.org/stable/c/0d0f1314e8f86f5205f71f9e31e272a1d008e40b - Patch
References	~~() https://git.kernel.org/stable/c/e80617a5e1c246da2f112a1a072cdd535046adfe -~~	() https://git.kernel.org/stable/c/e80617a5e1c246da2f112a1a072cdd535046adfe - Patch
First Time		Linux Linux linux Kernel
CWE		CWE-401

18 Feb 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: btrfs: zlib: corregir la fuga de folio en la aceleración de hardware S390 [BUG] Después del commit aa60fe12b4f4 ('btrfs: zlib: refactorizar la preparación del búfer de aceleración de hardware S390x'), ya no liberamos el folio de la caché de páginas del folio devuelto por btrfs_compress_filemap_get_folio() para la ruta de aceleración de hardware S390. [CAUSA] Antes de ese commit, llamábamos a kumap_local() y folio_put() después de manejar cada folio. Aunque el momento no es ideal (libera el folio anterior al principio del bucle y depende de una limpieza adicional fuera del bucle), al menos maneja la liberación del folio correctamente. Mientras que el código refactorizado es más fácil de leer, carece de la llamada para liberar el folio del filemap. [SOLUCIÓN] Añadir el folio_put() faltante para copy_data_into_buffer().

14 Feb 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-14 16:15

Updated : 2026-03-17 21:12

NVD link : CVE-2026-23147

Mitre link : CVE-2026-23147

CVE.ORG link : CVE-2026-23147

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10