CVE-2026-23181

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: sync read disk super and set block size<br /> <br /> When the user performs a btrfs mount, the block device is not set<br /> correctly. The user sets the block size of the block device to 0x4000<br /> by executing the BLKBSZSET command.<br /> Since the block size change also changes the mapping-&gt;flags value, this<br /> further affects the result of the mapping_min_folio_order() calculation.<br /> <br /> Let&amp;#39;s analyze the following two scenarios:<br /> <br /> Scenario 1: Without executing the BLKBSZSET command, the block size is<br /> 0x1000, and mapping_min_folio_order() returns 0;<br /> <br /> Scenario 2: After executing the BLKBSZSET command, the block size is<br /> 0x4000, and mapping_min_folio_order() returns 2.<br /> <br /> do_read_cache_folio() allocates a folio before the BLKBSZSET command<br /> is executed. This results in the allocated folio having an order value<br /> of 0. Later, after BLKBSZSET is executed, the block size increases to<br /> 0x4000, and the mapping_min_folio_order() calculation result becomes 2.<br /> <br /> This leads to two undesirable consequences:<br /> <br /> 1. filemap_add_folio() triggers a VM_BUG_ON_FOLIO(folio_order(folio)