SB2026040635 - Use-after-free in Linux kernel nfsd
Published: April 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-31403)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the /proc/fs/nfs/exports proc entry handling when reading from a still-open file descriptor after the associated network namespace is torn down. A local user can keep the file descriptor open across namespace teardown and perform subsequent reads to cause a denial of service.
The issue occurs because the open file captures the current network namespace and stores its export cache without holding a reference to the namespace for the lifetime of the file descriptor.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6a8d70e2ad6aad2c345a5048edcb8168036f97d6
- https://git.kernel.org/stable/c/c7f406fb341d6747634b8b1fa5461656e5e56076
- https://git.kernel.org/stable/c/d1a19217995df9c7e4118f5a2820c5032fef2945
- https://git.kernel.org/stable/c/db4a9f99b12a7ee1c19d86c83a3b752c7effa6c6
- https://git.kernel.org/stable/c/e3d77f935639e6ae4b381c80464c31df998d61f4
- https://git.kernel.org/stable/c/e7fcf179b82d3a3730fd8615da01b087cc654d0b