CVE-2025-71292
Description
In the Linux kernel, the following vulnerability has been resolved:
jfs: nlink overflow in jfs_rename
If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first directory is first incremented and later decremented. Normally this is fine, but when nlink = -1 this causes a wrap around to 0, and then drop_nlink issues a warning.
After applying the patch syzbot no longer issues any warnings. I also ran some basic fs tests to look for any regressions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's JFS filesystem, jfs_rename overflows nlink when the parent directory has nlink = -1, leading to a warning.
Root Cause
The bug exists in the JFS filesystem's rename handler. When a directory's link count equals the maximum value (-1), performing a rename of a child directory (not moving from the parent) causes the nlink to be incremented first and then decremented. This results in an integer wraparound from -1 to 0, triggering a warning in drop_nlink.
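The wraparound described above can be reproduced in a small userspace model. This is an added example, not kernel code and not the upstream patch: `model_inode`, `model_inc_nlink`, `model_drop_nlink` and both rename helpers are hypothetical names, and the guard shown is only one assumed way to avoid the wrap.

```c
#include <limits.h>
#include <stdio.h>
/* Constructed userspace model: a link count plus a warning counter. */
struct model_inode {
    unsigned int nlink;    /* unsigned, so the description's -1 is UINT_MAX */
    unsigned int warnings; /* times the drop-at-zero check fired */
};

/* Models the increment: UINT_MAX + 1 wraps to 0 in unsigned arithmetic. */
static void model_inc_nlink(struct model_inode *ino)
{
    ino->nlink++;
}

/* Models the decrement; records a warning when the count is already 0. */
static void model_drop_nlink(struct model_inode *ino)
{
    if (ino->nlink == 0)
        ino->warnings++;
    ino->nlink--;
}

/* Increment first, decrement later, as the description states. */
static unsigned int rename_unguarded(struct model_inode *old_dir,
                                     struct model_inode *new_dir)
{
    model_inc_nlink(new_dir);
    model_drop_nlink(old_dir);
    return old_dir->warnings;
}

/* Hypothetical guard (assumption, not the upstream patch): a rename that
 * stays in the same parent has a net change of zero, so skip both steps. */
static unsigned int rename_guarded(struct model_inode *old_dir,
                                   struct model_inode *new_dir)
{
    if (old_dir != new_dir) {
        model_inc_nlink(new_dir);
        model_drop_nlink(old_dir);
    }
    return old_dir->warnings;
}

int main(void)
{
    struct model_inode full = { UINT_MAX, 0 }, safe = { UINT_MAX, 0 };
    printf("unguarded: warnings=%u\n", rename_unguarded(&full, &full));
    printf("guarded:   warnings=%u\n", rename_guarded(&safe, &safe));
}
```

In the unguarded case the count ends back at its maximum, so the only visible effect in the model is the warning, which matches the description.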
Exploitation
An attacker with local access and the ability to create directories and perform rename operations can trigger this bug. The prerequisite is that a directory must have its link count at the maximum (i.e., -1), which can occur from previous operations.
Impact
The primary impact is a kernel warning that may indicate potential filesystem corruption or undefined behavior. While not directly exploitable for privilege escalation, the warning could lead to system instability or denial of service.
Mitigation
The fix has been applied to the Linux kernel stable branches as seen in multiple commits. Users should update to the latest stable kernel version to avoid the issue. [1]
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2
Patches
0
No patches discovered yet.
References
8
- git.kernel.org/stable/c/2108829a59f081e822fdab8c2cd7131deb8aa8a1 (nvd, Patch)
- git.kernel.org/stable/c/5d77c36cd4b698649f5c30c5f6c084f4f61d1880 (nvd, Patch)
- git.kernel.org/stable/c/9218dc26fd922b09858ecd3666ed57dfd8098da8 (nvd, Patch)
- git.kernel.org/stable/c/93c325746ae59709b4f9bad4e3e4761c8d566c70 (nvd, Patch)
- git.kernel.org/stable/c/a3d66089e50a6e0142f8884471f74292102ea9aa (nvd, Patch)
- git.kernel.org/stable/c/b4330a0d0947fbdc9d445cbbeabd8cc910a8c9ca (nvd, Patch)
- git.kernel.org/stable/c/f70fcbc2ac7c24f087a2c895c5753aa730b1e479 (nvd, Patch)
- git.kernel.org/stable/c/fe136426e30ca6debcf916fd6a141555ed9fde74 (nvd, Patch)