Volerion logoVolerion
Volerion logoVolerion

Linux Kernel CIFS Client Refcount Leak Vulnerability

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's CIFS client, specifically within the handling of 'cifs_sb_tlink'. This issue arises from three calls that fail to properly update the reference count, leading to potential resource leaks. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause resource leaks by not properly managing reference counts, which could lead to increased memory usage or other resource-related issues.

Reproduction

The vulnerability can be reproduced by invoking functions that use 'cifs_sb_tlink' without the proper reference count management. This can be done by calling the CIFS ACL functions or the rename operation in a way that bypasses the necessary refcount updates.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.

Added: Oct 30, 2025, 10:26 AM
Updated: Oct 30, 2025, 3:25 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
5.7
remediation
7.7
relevance
0.8
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.