CVE-2025-71292
Awaiting Analysis Awaiting Analysis - Queue
JFS nlink Overflow in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first directory is first incremented and later decremented. Normally this is fine, but when nlink = -1 this causes a wrap around to 0, and then drop_nlink issues a warning. After applying the patch syzbot no longer issues any warnings. I also ran some basic fs tests to look for any regressions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71292
EUVD
EUVD-2025-209683
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's JFS (Journaled File System) related to the handling of the nlink value during a rename operation within a directory.

Specifically, if the nlink value of a directory is at its maximum (-1) and a rename operation is performed on a child directory inside it (without moving it out of the parent), the nlink of the parent directory is first incremented and then decremented.

Normally, this increment and decrement is harmless, but when nlink is -1, incrementing causes an integer wrap-around to 0, which leads to a warning from the drop_nlink function.

This issue has been fixed by a patch that prevents these warnings and avoids the wrap-around problem.

Impact Analysis

The vulnerability causes an integer wrap-around in the nlink count of directories during rename operations, which triggers warnings in the kernel.

While the description does not explicitly mention direct security impacts such as privilege escalation or data corruption, the warnings indicate an inconsistency in filesystem metadata that could potentially lead to unexpected behavior or instability.

Therefore, the impact may include filesystem reliability issues or unexpected kernel warnings, which could affect system stability or complicate troubleshooting.

Detection Guidance

This vulnerability relates to the Linux kernel's jfs filesystem and involves an nlink overflow during a rename operation within a directory with maximal nlink value (-1). Detection would involve monitoring for warnings issued by drop_nlink related to nlink wraparound.

Since no specific detection commands or tools are provided, a general approach would be to check kernel logs for warnings related to jfs_rename or drop_nlink warnings.

  • Use dmesg or journalctl to look for kernel warnings: `dmesg | grep -i drop_nlink` or `journalctl -k | grep -i drop_nlink`
  • Monitor filesystem behavior for anomalies during rename operations in jfs filesystems.
Mitigation Strategies

The vulnerability has been resolved by a patch to the Linux kernel. Immediate mitigation involves applying the patch or updating the Linux kernel to a version where this issue is fixed.

Until the patch is applied, avoid performing rename operations within directories using the jfs filesystem that might have maximal nlink values to prevent triggering the overflow.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71292. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart