In the Linux kernel, the following vulnerability has been resolved:

btrfs: abort in rename_exchange if we fail to insert the second ref

Error injection stress uncovered a problem where we'd leave a dangling
inode ref if we failed during a rename_exchange.  This happens because
we insert the inode ref for one side of the rename, and then for the
other side.  If this second inode ref insert fails we'll leave the first
one dangling and leave a corrupt file system behind.  Fix this by
aborting if we did the insert for the first inode ref.

kernel.org https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932 [No types assigned]

kernel.org https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5 [No types assigned]

kernel.org https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b [No types assigned]