Primary

Context

Linux Kernel SMB Client Incomplete Backport Vulnerability in CFIDs Invalidation Worker

Vulnerability

Patched

A vulnerability exists in the Linux kernel's SMB client component due to an incomplete backport related to reference count management. The issue arises in the 'cfids_invalidation_worker()' function, where a necessary 'kref_put()' call was omitted. This oversight could potentially lead to a use-after-free condition by not properly managing the reference count of cached file identifiers. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to a use-after-free condition, which may be exploited to cause memory corruption or execute arbitrary code.

Added: Dec 16, 2025, 4:13 PM

Updated: Dec 16, 2025, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SMB Client Incomplete Backport Vulnerability in CFIDs Invalidation Worker

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating