Impact
The Linux kernel SMB server (ksmbd) has a memory leak that occurs when kthread_run() fails inside ksmbd_tcp_new_connection(). On that failure path the transport object is freed with free_transport(), but the active_num_conn counter is not decremented, so the counter grows unchecked. The bug is classified as CWE-401 (Memory Leak) and leads to incorrect accounting of active SMB connections. If left unresolved, the server may report an inflated number of active connections and may refuse new connections or exhaust system resources, which is a denial-of-service condition for legitimate clients.
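The accounting imbalance described above can be reproduced in a small userspace model. This is an added example, not ksmbd source or the upstream patch: the names active_num_conn, free_transport and ksmbd_tcp_new_connection's failure path come from the advisory, while MAX_CONN, start_handler(), new_connection(), refused_after_failures() and the "balanced" switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; names mirror the advisory, bodies are assumptions. */
#define MAX_CONN 4                  /* hypothetical connection limit */

struct transport { int fd; };
static int active_num_conn;         /* stands in for the kernel's counter */

static void free_transport(struct transport *t) { free(t); }

/* Stand-in for kthread_run(): fails when the caller asks it to. */
static bool start_handler(bool fail) { return !fail; }

/* Returns 0 on success, -1 if setup failed, -2 if refused by the limit. */
static int new_connection(bool thread_fails, bool balanced)
{
    if (active_num_conn >= MAX_CONN)
        return -2;                  /* server believes it is full */
    active_num_conn++;              /* slot is accounted before setup */

    struct transport *t = malloc(sizeof(*t));
    if (!t) { active_num_conn--; return -1; }

    if (!start_handler(thread_fails)) {
        free_transport(t);          /* the transport is released ... */
        if (balanced)
            active_num_conn--;      /* ... and so must the counted slot */
        return -1;
    }
    /* Model simplification: a successful connection closes immediately. */
    free_transport(t);
    active_num_conn--;
    return 0;
}

/* Run `failures` failed starts, then report if a healthy client is refused. */
static int refused_after_failures(int failures, bool balanced)
{
    active_num_conn = 0;
    for (int i = 0; i < failures; i++)
        new_connection(true, balanced);
    return new_connection(false, balanced) == -2;
}

int main(void)
{
    for (int balanced = 0; balanced <= 1; balanced++) {
        int refused = refused_after_failures(MAX_CONN, balanced);
        printf("balanced=%d refused=%d counter=%d\n", balanced, refused, active_num_conn);
    }
    return 0;
}
```

In the unbalanced run the counter stays at the limit with no live connections behind it, which is the drift an operator would see as refused connections on an otherwise idle server.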
Affected Systems
The vulnerability applies to the Linux kernel's SMB server (ksmbd) across all kernel versions that shipped the buggy implementation, including the 6.2 release candidates (rc6, rc7, rc8) and older kernels. The affected vendor is the upstream Linux kernel; any distribution using a kernel from before the fix is impacted.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score is less than 1%, implying a very low probability of exploitation, and there are no publicly reported attacks (the CVE is not listed in the CISA KEV catalog). Based on the description, it is inferred that a malicious SMB client could trigger the failure path, giving attackers a remote attack vector, but no detailed exploitation steps are provided beyond inducing resource exhaustion. Consequently, the main risk is a denial of service: if an attacker repeatedly induces kthread_run() failures, the active connection counter inflates and the server refuses new connections.