CVE-2026-22989

EUVD-2026-4280
In the Linux kernel, the following vulnerability has been resolved:

nfsd: check that server is running in unlock_filesystem

If we are trying to unlock the filesystem via an administrative
interface and nfsd isn't running, it crashes the server. This
happens currently because nfsd4_revoke_states() access state
structures (eg., conf_id_hashtbl) that has been freed as a part
of the server shutdown.

[   59.465072] Call trace:
[   59.465308]  nfsd4_revoke_states+0x1b4/0x898 [nfsd] (P)
[   59.465830]  write_unlock_fs+0x258/0x440 [nfsd]
[   59.466278]  nfsctl_transaction_write+0xb0/0x120 [nfsd]
[   59.466780]  vfs_write+0x1f0/0x938
[   59.467088]  ksys_write+0xfc/0x1f8
[   59.467395]  __arm64_sys_write+0x74/0xb8
[   59.467746]  invoke_syscall.constprop.0+0xdc/0x1e8
[   59.468177]  do_el0_svc+0x154/0x1d8
[   59.468489]  el0_svc+0x40/0xe0
[   59.468767]  el0t_64_sync_handler+0xa0/0xe8
[   59.469138]  el0t_64_sync+0x1ac/0x1b0

Ensure this can't happen by taking the nfsd_mutex and checking that
the server is still up, and then holding the mutex across the call to
nfsd4_revoke_states().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.9 ≤
𝑥
< 6.12.66
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.6
linuxlinux_kernel
6.19:rc1
linuxlinux_kernel
6.19:rc2
linuxlinux_kernel
6.19:rc3
linuxlinux_kernel
6.19:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.259-1
fixed
forky
7.0.13-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.95-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1.150700.17.23.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1.150700.17.23.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1.150700.17.23.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.34.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.34.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.12
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel-livepatch-6.12.66-88.122
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-libbpf
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-libbpf-debuginfo
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-libbpf-devel
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-libbpf-static
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.66-88.122.amzn2023
fixed