Description
In the Linux kernel, the following vulnerability has been resolved:

smb: client: Fix refcount leak for cifs_sb_tlink

Fix three refcount inconsistency issues related to `cifs_sb_tlink`.

Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be
called after successful calls to `cifs_sb_tlink()`. Three calls fail to
update refcount accordingly, leading to possible resource leaks.
Published: 2025-10-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

An internal reference count leak exists in the CIFS SMB client code of the Linux kernel. The bug causes three separate call paths to cifs_sb_tlink to fail to decrement the reference counter for cifs_sb_tlink objects, allowing the counter to grow unbounded. As the kernel exhausts available kernel memory or other resources associated with these objects, it can lead to a denial of service.

Affected Systems

The flaw resides in the Linux kernel that powers all Linux distributions. No specific vendor version is listed, but any instance of the kernel that includes the CIFS client module before the patch is potentially affected. This includes production servers and desktop systems that mount SMB shares via CIFS. The commit references point to upstream kernel revisions, so all kernel releases after the fix, but before it, are at risk.

Risk and Exploitability

The CVSS base score is 5.5, which places it in the medium severity band, and the EPSS score is below 1%, indicating a low likelihood of public exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. An attacker would need to invoke SMB mount operations that trigger cifs_sb_tlink paths; therefore the attack vector is most likely local or requires elevated privileges to mount large numbers of SMB shares. Although publicly disclosed exploits are unavailable, the potential for resource exhaustion makes the risk significant enough to warrant timely remediation.

Generated by OpenCVE AI on April 20, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the cifs reference count fix introduced by commit 790282abe9d80
  • If a kernel upgrade cannot be performed immediately, manually apply the upstream patch that corrects the reference count handling for cifs_sb_tlink to your current kernel source
  • Suspend or limit CIFS (SMB) mounts on affected systems until the patch is applied to prevent potential resource exhaustion

Generated by OpenCVE AI on April 20, 2026 at 15:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4379-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6053-1 linux security update
Ubuntu USN Ubuntu USN USN-8029-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8030-1 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-8029-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8048-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8029-3 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8095-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8095-2 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8100-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8095-3 Linux kernel (Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8095-4 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8125-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8126-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8095-5 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-8165-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8261-1 Linux kernel (Xilinx) vulnerabilities
History

Mon, 20 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Mon, 01 Dec 2025 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Fri, 31 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Thu, 30 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Thu, 30 Oct 2025 10:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.
Title smb: client: Fix refcount leak for cifs_sb_tlink
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T21:42:34.498Z

Reserved: 2025-04-16T07:20:57.164Z

Link: CVE-2025-40103

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2025-10-30T10:15:34.693

Modified: 2026-04-18T09:16:12.240

Link: CVE-2025-40103

cve-icon Redhat

Severity : Low

Publid Date: 2025-10-30T00:00:00Z

Links: CVE-2025-40103 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T15:30:06Z

Weaknesses