Linux Kernel Btrfs Qgroup Space Leak Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's Btrfs file system, in which quota group (qgroup) space is improperly managed during subvolume creation. The issue arises because the subvolume creation process does not commit transactions as expected, which leaks reserved metadata space. It can be triggered by creating a directory and a subvolume simultaneously with qgroups enabled, so that the temporary block reservation for the subvolume interferes with qgroup accounting. As a result, the reserved space is not properly converted and is leaked.

Impact

Reserved qgroup space leaks during subvolume creation because it is not properly accounted for, which can lead to incorrect quota management.
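
One way to look for this kind of leak on a host, as an added example that is not part of the original advisory or the kernel's own tooling: it scans kernel log lines for the Btrfs qgroup "unreleased space" warning and keeps the metadata reservation leaks. The message format, the reservation type numbering and the function names are assumptions of this example, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed reservation type indexes (data / per-transaction meta / preallocated meta).
RSV_TYPES = {0: "data", 1: "meta_pertrans", 2: "meta_prealloc"}

# Assumed format of the kernel's qgroup reservation leak warning.
LEAK_RE = re.compile(
    r"BTRFS warning \(device (?P<dev>[^)]+)\): "
    r"qgroup (?P<level>\d+)/(?P<subvol>\d+) has unreleased space, "
    r"type (?P<type>\d+) rsv (?P<rsv>\d+)"
)

def find_qgroup_leaks(lines):
    """Return {(device, qgroup): {type_name: leaked_bytes}} from kernel log lines."""
    leaks = defaultdict(dict)
    for line in lines:
        m = LEAK_RE.search(line)
        if not m:
            continue
        # Some kernels append state flags after the device name; keep the name only.
        dev = m["dev"].split()[0]
        key = (dev, f'{m["level"]}/{m["subvol"]}')
        name = RSV_TYPES.get(int(m["type"]), f'unknown_{m["type"]}')
        # The same qgroup can be reported repeatedly; keep the largest value seen.
        leaks[key][name] = max(leaks[key].get(name, 0), int(m["rsv"]))
    return dict(leaks)

def metadata_leaks(leaks):
    """Keep only qgroups with leaked metadata reservations, the kind described here."""
    return {k: v for k, v in leaks.items()
            if any(t.startswith("meta_") for t in v)}

# Constructed sample log lines (not captured from a real system).
SAMPLE = """\
[ 812.104] BTRFS info (device sdb1): qgroup scan completed (inconsistency flag cleared)
[ 955.310] BTRFS warning (device sdb1): qgroup 0/5 has unreleased space, type 2 rsv 16384
[ 955.311] BTRFS warning (device sdc1): qgroup 0/257 has unreleased space, type 0 rsv 4096
[1201.007] BTRFS warning (device sdb1): qgroup 0/5 has unreleased space, type 2 rsv 32768
""".splitlines()

if __name__ == "__main__":
    for (dev, qg), types in metadata_leaks(find_qgroup_leaks(SAMPLE)).items():
        print(f"{dev} qgroup {qg}: leaked metadata reservation {types}")
```

On a real host the input would be the kernel log (for example the output of dmesg) instead of the constructed sample.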

Reproduction

To reproduce this vulnerability, create a directory and a subvolume simultaneously while qgroups are enabled. The subvolume creation will not commit the transaction as expected, causing a leak in the qgroup space that is not properly accounted for.

Remediation

The vulnerability has been addressed in Linux kernel versions 5.4 and later. Users should upgrade to a patched version.

Added: Dec 24, 2025, 2:28 PM
Updated: Dec 24, 2025, 2:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.