CVE-2025-71223
Unknown
Unknown - Not Provided
Reference Count Leak in Linux Kernel SMB2_open() Causes Resource Exhaustion
Publication date: 2026-02-14
Last updated on: 2026-03-18
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix refcount leak in smb2_open()
When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file
must be released.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.10 (exc) |
| linux | linux_kernel | From 6.6.32 (inc) to 6.6.124 (exc) |
| linux | linux_kernel | From 6.9 (inc) to 6.12.70 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's SMB server component, specifically in the smb2_open() function.
When the function ksmbd_vfs_getattr() fails, the reference count of the ksmbd_file object is not properly released, leading to a resource leak.
How can this vulnerability impact me? :
The reference count leak can cause resource exhaustion over time, potentially leading to degraded system performance or instability in the SMB server functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70