CVE-2025-71292 - Vulnerability Details

- jfs: nlink overflow in jfs_rename

Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: nlink overflow in jfs_rename

If nlink is maximal for a directory (-1) and inside that directory you
perform a rename for some child directory (not moving from the parent),
then the nlink of the first directory is first incremented and later
decremented. Normally this is fine, but when nlink = -1 this causes a
wrap around to 0, and then drop_nlink issues a warning.

After applying the patch syzbot no longer issues any warnings. I also
ran some basic fs tests to look for any regressions.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability occurs in the Linux JFS file system when a child directory is renamed inside a parent directory that already has the maximum link count (represented by -1). During the rename, the kernel increments the link count before decrementing it, which causes an integer overflow from -1 to 0. This overflow triggers a kernel warning from drop_nlink, indicating a potential inconsistency in the file system metadata. The patch resolves the overflow, preventing the warning and restoring proper link count handling.

Affected Systems

The flaw affects any Linux kernel build that includes JFS support, as identified by the CPE cpe:2.3:o:linux:linux_kernel. No specific kernel versions are listed, so all kernels running JFS before the patch are potentially vulnerable. Users should verify whether their system employs JFS and whether the running kernel version predates the fix.

Risk and Exploitability

Since the issue is limited to the JFS file system and requires local access to perform a rename operation on a directory with the maximum link count, its exploitability is low and no external attack vector is documented. No EPSS score or KEV listing is available, further indicating a low risk. The primary consequence is a kernel warning and potential file system instability rather than immediate denial of service or data loss. Applying the patch eliminates the overflow and the associated warning.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 2108829a59f081e822fdab8c2cd7131deb8aa8a1
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b4330a0d0947fbdc9d445cbbeabd8cc910a8c9ca
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< a3d66089e50a6e0142f8884471f74292102ea9aa
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< f70fcbc2ac7c24f087a2c895c5753aa730b1e479
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 5d77c36cd4b698649f5c30c5f6c084f4f61d1880
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< fe136426e30ca6debcf916fd6a141555ed9fde74
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 93c325746ae59709b4f9bad4e3e4761c8d566c70
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9218dc26fd922b09858ecd3666ed57dfd8098da8

Linux

affected

Version	Status	Constraints
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2108829a59f081e822fdab8c2cd7131deb8aa8a1)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,5d77c36cd4b698649f5c30c5f6c084f4f61d1880)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9218dc26fd922b09858ecd3666ed57dfd8098da8)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,93c325746ae59709b4f9bad4e3e4761c8d566c70)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a3d66089e50a6e0142f8884471f74292102ea9aa)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b4330a0d0947fbdc9d445cbbeabd8cc910a8c9ca)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f70fcbc2ac7c24f087a2c895c5753aa730b1e479)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fe136426e30ca6debcf916fd6a141555ed9fde74)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a Linux kernel version that includes the fix for the jfs nlink overflow bug and reboot the system to use the updated kernel.
If JFS support is not required, disable JFS modules and unmount any JFS file systems to prevent the warning from occurring.
Monitor kernel logs (dmesg, /var/log/kern.log) for any remaining drop_nlink warnings to confirm the issue has been fully remediated.

Generated by OpenCVE AI on May 6, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2108829a59f081e822fdab8c2cd7131deb8aa8a1
https://git.kernel.org/stable/c/5d77c36cd4b698649f5c30c5f6c084f4f61d1880
https://git.kernel.org/stable/c/9218dc26fd922b09858ecd3666ed57dfd8098da8
https://git.kernel.org/stable/c/93c325746ae59709b4f9bad4e3e4761c8d566c70
https://git.kernel.org/stable/c/a3d66089e50a6e0142f8884471f74292102ea9aa
https://git.kernel.org/stable/c/b4330a0d0947fbdc9d445cbbeabd8cc910a8c9ca
https://git.kernel.org/stable/c/f70fcbc2ac7c24f087a2c895c5753aa730b1e479
https://git.kernel.org/stable/c/fe136426e30ca6debcf916fd6a141555ed9fde74

History

Wed, 06 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-190

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first directory is first incremented and later decremented. Normally this is fine, but when nlink = -1 this causes a wrap around to 0, and then drop_nlink issues a warning. After applying the patch syzbot no longer issues any warnings. I also ran some basic fs tests to look for any regressions.
Title		jfs: nlink overflow in jfs_rename
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2108829a59f081e822fdab8c2cd7131deb8aa8a1 https://git.kernel.org/stable/c/5d77c36cd4b698649f5c30c5f6c084f4f61d1880 https://git.kernel.org/stable/c/9218dc26fd922b09858ecd3666ed57dfd8098da8 https://git.kernel.org/stable/c/93c325746ae59709b4f9bad4e3e4761c8d566c70 https://git.kernel.org/stable/c/a3d66089e50a6e0142f8884471f74292102ea9aa https://git.kernel.org/stable/c/b4330a0d0947fbdc9d445cbbeabd8cc910a8c9ca https://git.kernel.org/stable/c/f70fcbc2ac7c24f087a2c895c5753aa730b1e479 https://git.kernel.org/stable/c/fe136426e30ca6debcf916fd6a141555ed9fde74

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:32:23.897Z

Updated: 2026-05-06T11:32:23.897Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71292

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:28.453

Modified: 2026-05-06T13:07:51.607

Link: CVE-2025-71292

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T13:45:03Z

Weaknesses

CWE-190

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object