Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Requires local I/O on a CephFS mount (AV:L, PR:L) via a simple write loop (AC:L); leak causes memory exhaustion so impact is availability-only (A:H, C:N, I:N).
Primary rating from Vendor (Linux).
CVSS VectorVendor: Linux
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
In the Linux kernel, the following vulnerability has been resolved:
ceph: put folios not suitable for writeback
The batch holds references to the folios (see filemap_get_folios, folio_batch_release), so we need to folio_put the folios we remove.
Tested on v6.18.
AnalysisAI
Denial of service in the Linux kernel's CephFS (ceph) client allows local users with an active CephFS mount to leak kernel memory by triggering the dirty-page writeback path. The flaw stems from a missing reference release on folios that the writeback batch holds but removes as unsuitable, gradually pinning pages and exhausting kernel memory (CVSS 7.5, availability-only). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The affected host must have the Ceph kernel client (CephFS) in use with an active mount, and the attacker must be able to generate dirty-page writeback against it (i.e., perform file writes that route through fs/ceph's writeback path). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and skew lower than the headline CVSS 7.5 suggests. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user (or a workload/container) on a host with a mounted CephFS repeatedly writes and dirties files to drive the kernel's writeback path over folios the client deems unsuitable for writeback. Each such cycle leaks folio references that pin pages, and over time kernel memory is exhausted, degrading or crashing the system. … |
| Remediation | Patch available per vendor advisory: apply the upstream stable fixes referenced at https://git.kernel.org/stable/c/86921e890fe1dea9791fb70bec552516fd47716a and https://git.kernel.org/stable/c/544576f0f05c4a759806acddfaaeb686f14fb4b0 by updating to the corresponding patched stable kernel from your distribution (the released, distro-tagged patched version is not independently confirmed from the input, so rely on your vendor's backport that cites this CVE). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify and catalog all Linux systems with active CephFS mounts; assess which business services depend on these systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38828
GHSA-928w-8whm-4cq9