APPLIED: [SRU][Q/J][PATCH 0/2] CVE-2026-43117

Mehmet Basaran mehmet.basaran at canonical.com
Fri Jun 19 09:33:53 UTC 2026


Applied to questing:linux, jammy:linux master-next branches. Thanks.

Cengiz Can via kernel-team <kernel-team at lists.ubuntu.com> writes:

> https://ubuntu.com/security/CVE-2026-43117
>
> [ Impact ]
>
> The btrfs_sync_file() tracepoint derives the filesystem superblock from
> dentry->d_sb. When btrfs is used as the lower layer of an overlayfs mount,
> dentry->d_sb resolves to the overlay's super block rather than the btrfs super
> block. The subsequent fsid assignment dereferences btrfs-specific data from the
> wrong superblock, leading to a kernel crash. The fix uses
> file_inode(file)->i_sb to always obtain the correct btrfs super block.
>
> [ Fix ]
>
> questing: clean cherry-pick
> jammy: clean cherry-pick
> focal: clean cherry-pick
>
> [ Test Plan ]
>
> Boot tested.
>
> [ Where Problems Could Occur ]
>
> A regression in this change would affect the btrfs tracepoint subsystem,
> potentially reporting an incorrect fsid in btrfs_sync_file trace events or
> causing instability when tracing fsync activity on btrfs filesystems.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
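
Added example, not from the patch or this thread: a userspace C model of the two superblock derivations described under [ Impact ], with a btrfs inode reached through an overlay dentry. The reduced struct layouts, `copy_fsid()`, the magic-number guard and the sample fsid bytes are assumptions made for illustration; only the `d_sb` versus `file_inode(file)->i_sb` distinction comes from the cover letter.

```c
/* Userspace model, not kernel code: structs keep only the fields needed here. */
#include <stdio.h>
#include <string.h>

#define BTRFS_SUPER_MAGIC     0x9123683EUL
#define OVERLAYFS_SUPER_MAGIC 0x794c7630UL

struct super_block { unsigned long s_magic; void *s_fs_info; };
struct inode  { struct super_block *i_sb; };
struct dentry { struct super_block *d_sb; };
struct path   { struct dentry *dentry; };
struct file   { struct path f_path; struct inode *f_inode; };

struct btrfs_fs_info { unsigned char fsid[16]; };  /* model: fsid only */
struct ovl_fs        { int numlayer; };            /* model: unrelated layout */

/* Pre-fix derivation: super block taken from the file's dentry. */
static struct super_block *sb_from_dentry(const struct file *f)
{ return f->f_path.dentry->d_sb; }

/* Post-fix derivation: super block taken from the file's inode. */
static struct super_block *sb_from_inode(const struct file *f)
{ return f->f_inode->i_sb; }

/* Copy the fsid only when sb really is btrfs: 0 on success, -1 otherwise.
 * The magic check is this model's own guard (assumption), not the fix. */
static int copy_fsid(const struct super_block *sb, unsigned char out[16])
{
    if (sb->s_magic != BTRFS_SUPER_MAGIC)
        return -1;  /* s_fs_info is not a btrfs_fs_info; a cast would misread it */
    memcpy(out, ((const struct btrfs_fs_info *)sb->s_fs_info)->fsid, 16);
    return 0;
}

/* Constructed scenario: overlay dentry in front of a btrfs inode. */
static struct btrfs_fs_info bfs = { .fsid = { 0xb7, 0x2f, 0x05 } };
static struct ovl_fs ofs = { .numlayer = 2 };
static struct super_block btrfs_sb = { BTRFS_SUPER_MAGIC, &bfs };
static struct super_block ovl_sb   = { OVERLAYFS_SUPER_MAGIC, &ofs };
static struct inode  real_inode  = { &btrfs_sb };
static struct dentry ovl_dentry  = { &ovl_sb };
static struct file   synced_file = { { &ovl_dentry }, &real_inode };

int main(void)
{
    unsigned char fsid[16];
    printf("dentry path: %d\n", copy_fsid(sb_from_dentry(&synced_file), fsid));
    printf("inode path:  %d\n", copy_fsid(sb_from_inode(&synced_file), fsid));
    return 0;
}
```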