CVE-2026-31840UAFfs/btrfs
Use-after-free in btrfs relocation on tree-log replay
Local crash / potential privilege escalation. Fixed in 7.1.2 and backported to selected older branches.
- Fixed in
- 7.1.2, 7.0.14, 6.18.7
- Affected
- 7.0 – 7.1.1; config and filesystem usage dependent
- Distro status
- Distro package status tracked separately; CachyOS fixed in indexed package data; Arch/Fedora/Ubuntu pending ingestion
- Config applicability
- Requires btrfs enabled and affected tree-log relocation path to be reachable.
Parsed CVE/commit mappingAI impact summary