Linux Kernel Out-of-Memory Error Handling Vulnerability in CIFS VFS Component

Vulnerability

A vulnerability in the Linux kernel's CIFS VFS component has been addressed, related to improper error handling under low-memory conditions. The issue arises in the close_all_cached_dirs() function, which fails to manage directory entries (dentries) correctly when memory is scarce. This mismanagement leads to a 'Dentry still in use' error, as the function cannot transfer the dentries to a separate list for cleanup after releasing the locks. The kernel now logs a clear error message indicating memory constraints while attempting to drop dentries, helping to clarify the source of the problem.

Impact

The vulnerability could lead to a denial-of-service condition by causing unhandled 'Dentry still in use' errors, which can disrupt normal file system operations and potentially cause resource leaks.

Added: Jul 10, 2025, 11:38 AM

Updated: Jul 10, 2025, 11:38 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Memory Error Handling Vulnerability in CIFS VFS Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating