btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
CVE-2026-46159 is a vulnerability in the btrfs filesystem related to a time-of-check to time-of-use (TOCTOU) race condition in the btrfs_ioctl_space_info() function. This flaw can lead to an information leak. The vulnerability affects Microsoft products including Azure Linux 3. 0. There is no CVSS score or detailed vendor advisory available to confirm patch status or exploitation in the wild. The description provided is minimal and does not include specific technical or impact details beyond the potential for information disclosure.
AI Analysis
Technical Summary
This vulnerability involves a TOCTOU race condition in the btrfs_ioctl_space_info() function of the btrfs filesystem, which can result in an information leak. The affected products include Microsoft Azure Linux 3.0. No CVSS score or detailed technical analysis is provided, and no known exploits are reported. Patch availability is not confirmed due to lack of vendor advisory details.
Potential Impact
The vulnerability may allow an attacker to gain unauthorized access to information due to a race condition in the btrfs_ioctl_space_info() function. No further impact details or exploitation reports are available. Without additional data, the precise scope and severity of the information leak cannot be determined.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No known exploits in the wild have been reported. Until official fixes or mitigations are published, monitor vendor communications for updates.
btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Description
CVE-2026-46159 is a vulnerability in the btrfs filesystem related to a time-of-check to time-of-use (TOCTOU) race condition in the btrfs_ioctl_space_info() function. This flaw can lead to an information leak. The vulnerability affects Microsoft products including Azure Linux 3. 0. There is no CVSS score or detailed vendor advisory available to confirm patch status or exploitation in the wild. The description provided is minimal and does not include specific technical or impact details beyond the potential for information disclosure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a TOCTOU race condition in the btrfs_ioctl_space_info() function of the btrfs filesystem, which can result in an information leak. The affected products include Microsoft Azure Linux 3.0. No CVSS score or detailed technical analysis is provided, and no known exploits are reported. Patch availability is not confirmed due to lack of vendor advisory details.
Potential Impact
The vulnerability may allow an attacker to gain unauthorized access to information due to a race condition in the btrfs_ioctl_space_info() function. No further impact details or exploitation reports are available. Without additional data, the precise scope and severity of the information leak cannot be determined.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No known exploits in the wild have been reported. Until official fixes or mitigations are published, monitor vendor communications for updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2026-46159
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a19fedae29bf47b500fe5e3
Added to database: 5/29/2026, 9:02:18 PM
Last enriched: 5/29/2026, 9:16:20 PM
Last updated: 5/31/2026, 4:52:11 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.