Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Refcount Leak Vulnerability in SMB2 Open Function

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's SMB2 open function within the SMB server component. This issue arises when the 'ksmbd_vfs_getattr()' function fails, as the reference count of 'ksmbd_file' is not properly released, leading to a memory management flaw.

Impact

Exploitation of this vulnerability could result in a memory leak, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the SMB2 open function in the SMB server component and simulating a failure in the 'ksmbd_vfs_getattr()' function. This will demonstrate the refcount leak by showing that the reference count of 'ksmbd_file' is not released as it should be.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Feb 14, 2026, 5:42 PM
Updated: Feb 14, 2026, 5:42 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.3
remediation
7.7
relevance
2.8
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.