EUVD-2026-38894

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4file access extra count in nfsd4addrdaccesstowrdeleg In nfsd4addrdaccesstowrdeleg, if fp-fifdsORDONLY is already set by another thread, nfs4filegetaccess should not be called to increment the nfs4file access count...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fixed reference count leaks in nfs42proccopynotify. You rarely receive emails from [email protected]. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification. The reference counting issue occurs i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fixed a credential leak in nfs4discovertrunking...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a deadlock involving nfsreleasefolio Wang Zhaolong reported a deadlock involving NFSv4.1 state recovery, waiting on kthreadd, which attempts to reclaim memory by calling nfsreleasefolio. The latter cannot proceed due t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting the ACL. A NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL later. It finds that the ACL is only a default ACL based on the mode bits, not the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference count leak in nfsdsetfhdentry. nfsd exports a “pseudo root filesystem” which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: A use-after-free bug has been fixed in open. If someone cancels the open RPC call, then we must not attempt to free either the open slot or the layoutget operation arguments, as they are likely still in use by the hun...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: Restore credentials before releasing pageio data. Otherwise, if the nfsd filecache code releases the nfsdfile immediately, it may trigger the BUGON condition cred == current-cred in putcred, when putting...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fixed a slow server-side memory leak caused by RPC-over-TCP. Jan Schunk reported that his small NFS servers experience memory exhaustion after just a few days. A bisect analysis shows that commit e18e157bb5c8 “SUNRPC:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: fixed the management of listener transports Currently, when no active threads are running, a root user using the nfsdctl command can attempt to remove a particular listener from the list of previously added listeners. By...

Astra Linux – Vulnerability in Wireshark

In Wireshark versions 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This issue was addressed in the epan/dissectors/packet-nfs.c file by preventing excessive recursion, such as when a cycle occurred in the directory graph of a filesystem...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: Do not replace a page in the rqpages array if it is a continuation of the last page. The splice read function calls nfsdspliceactor to place the pages containing file data into the svcrqst-rqpages array. However, it is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations It seems that nothing limits the number of concurrent async COPY operations that clients can initiate. Additionally, AFAICT allows each async COPY to copy an unlimited...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfs: Handling of failures in nfsgetlockcontext during unlock path When memory is insufficient, the allocation of nfslockcontext in nfsgetlockcontext fails and returns -ENOMEM. If we mistakenly treat an nfs4unlockdata structure...

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14198)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the NFSv3 case. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

SUSE CVE-2026-53689

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7795-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-3 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Linux Distros Unpatched Vulnerability : CVE-2026-53689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7795-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

SUSE-SU-2026:2317-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-23271: perf: Fix perfeventoverflow vs perfremovefromcontext race bsc1260018. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261638. -...