Description
In the Linux kernel, the following vulnerability has been resolved:

jfs: nlink overflow in jfs_rename

If nlink is maximal for a directory (-1) and inside that directory you
perform a rename for some child directory (not moving from the parent),
then the nlink of the first directory is first incremented and later
decremented. Normally this is fine, but when nlink = -1 this causes a
wrap around to 0, and then drop_nlink issues a warning.

After applying the patch syzbot no longer issues any warnings. I also
ran some basic fs tests to look for any regressions.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs in the Linux JFS file system when a child directory is renamed inside a parent directory that already has the maximum link count (represented by –1). During the rename, the kernel increments the link count before decrementing it, which causes an integer overflow from –1 to 0. This overflow triggers a kernel warning from drop_nlink, indicating a potential inconsistency in the file system metadata. The patch resolves the overflow, preventing the warning and restoring proper link count handling.

Affected Systems

The flaw affects any Linux kernel build that includes JFS support, in all Linux kernels with JFS support. No specific kernel versions are listed, so all kernels running JFS before the fix are potentially vulnerable. Users should verify whether their system employs JFS and whether the running kernel version predates the fix.

Risk and Exploitability

Since the issue is limited to the JFS file system and requires local access to perform a rename operation on a directory with the maximum link count, its exploitability is low and no external attack vector is documented. The CVSS score of 5.5 indicates moderate severity, while the EPSS score of <1% and the fact that it is not listed in KEV imply a low exploitation likelihood. The primary consequence is a kernel warning and potential file system instability rather than immediate denial of service or data loss. Applying the patch eliminates the overflow and the associated warning.

Generated by OpenCVE AI on May 13, 2026 at 23:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the fix for the jfs nlink overflow bug and reboot the system to use the updated kernel.
  • If JFS support is not required, disable JFS modules and unmount any JFS file systems to prevent the warning from occurring.
  • Monitor kernel logs (dmesg, /var/log/kern.log) for any remaining drop_nlink warnings to confirm the issue has been fully remediated.

Generated by OpenCVE AI on May 13, 2026 at 23:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Wed, 13 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first directory is first incremented and later decremented. Normally this is fine, but when nlink = -1 this causes a wrap around to 0, and then drop_nlink issues a warning. After applying the patch syzbot no longer issues any warnings. I also ran some basic fs tests to look for any regressions.
Title jfs: nlink overflow in jfs_rename
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T21:57:22.774Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71292

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:28.453

Modified: 2026-05-13T21:03:37.953

Link: CVE-2025-71292

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2025-71292 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T23:15:08Z

Weaknesses