Impact
The flaw lies in the Linux kernel's virtual file system code that the NFS server uses to create files. When the atomic_create function fails, the updated dentry_create routine passes an error pointer to end_creating, causing the parent directory lock to never be released. This lock leak prevents further file creation or modification in that directory, effectively denying service to NFS clients.
Affected Systems
All Linux systems running a kernel version that contains the unpatched VFS code and that expose NFS shares via the atomic_create path are affected. Any NFS server that relies on these kernel functions—regardless of the export configuration—can experience the lock‑leak behavior described.
Risk and Exploitability
The CVSS score of 7.5 indicates a high impact vulnerability, while the EPSS score shows a probability of exploitation of less than 1% and the flaw is not currently listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could trigger the flaw by issuing a file‑creation request that causes atomic_create to fail, such as attempting to create an existing file or a file in a read‑only directory. The result would be a lock that remains held, causing a denial of service to other clients. However, the exact conditions required to reliably exploit the flaw are not fully detailed in the input, so a definitive exploitation path has not been confirmed.
OpenCVE Enrichment