In the Linux kernel, the following vulnerability has been resolved:

smb/server: fix refcount leak in smb2_open()

When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file
must be released.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
8df4bcdb0a4232192b2445256c39b787d58ef14d affected < 2456fde2b137703328f1695f60c68fe488d17e36
c8efcc786146a951091588e5fa7e3c754850cb3c affected < 39ca11ff158c98fb092176f06047628c54bcf7a1
c8efcc786146a951091588e5fa7e3c754850cb3c affected < 4665e52bde3b1f8f442895ce7d88fa62a43e48c4
c8efcc786146a951091588e5fa7e3c754850cb3c affected < f416c556997aa56ec4384c6b6efd6a0e6ac70aa7
Linux Linux affected
Version Status Constraints
6.9 affected
0 unaffected < 6.9
6.6.124 unaffected ≤ 6.6.*
6.12.70 unaffected ≤ 6.12.*
6.18.10 unaffected ≤ 6.18.*
6.19 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-6141-1 linux security update
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/2456fde2b137703328f1695f60c68fe488d17e36 cve-icon cve-icon
https://git.kernel.org/stable/c/39ca11ff158c98fb092176f06047628c54bcf7a1 cve-icon cve-icon
https://git.kernel.org/stable/c/4665e52bde3b1f8f442895ce7d88fa62a43e48c4 cve-icon cve-icon
https://git.kernel.org/stable/c/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026021426-CVE-2025-71223-65b9@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71223 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71223 cve-icon
History

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Sat, 14 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in smb2_open() When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file must be released.
Title smb/server: fix refcount leak in smb2_open()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-16T08:58:45.872Z

Reserved: 2026-02-14T16:26:02.969Z

Link: CVE-2025-71223

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-02-14T17:15:54.670

Modified: 2026-02-18T17:52:22.253

Link: CVE-2025-71223

cve-icon Redhat

Severity : Low

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2025-71223 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-02-16T09:44:07Z

Weaknesses

No weakness.