Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2026-43117 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-43117

CVE-2026-43117

CRITICAL9.1

btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()

Published May 6, 2026

Modified 3 weeks ago

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()

If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash.

Use file_inode(file)->i_sb to always get btrfs_sb.

References

WEB

https://git.kernel.org/stable/c/2e4adfaec97ee053ad1bdfb5036845e66f7e0d8a

WEB

https://git.kernel.org/stable/c/32372781d664a9b03c40343e96c29d0a6139f97d

WEB

https://git.kernel.org/stable/c/4a7bab35fad5251c8cb738161152578cd83b6b9c

WEB

https://git.kernel.org/stable/c/520e8b4bcf872a534a7bf61ccf880047642df296

WEB

https://git.kernel.org/stable/c/a85b46db143fda5869e7d8df8f258ccef5fa1719

WEB

https://git.kernel.org/stable/c/c09a7446aab5773f38d6abb25fce99b8e1dfbc97

WEB

https://git.kernel.org/stable/c/d110d7cdb045715c0b45b0dfd974525bb38f653d

WEB

https://git.kernel.org/stable/c/e252db8ca2a01f82d472091f35d549b313278636

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-43117

CVSS Analysis

CVSS v3.1

9.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

HighA:H

9.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Ecosystems

Timeline

PublishedMay 6, 2026

ModifiedJun 1, 2026