CVE-2026-23297

CVE-2026-23297 affects the Linux kernel’s NFS daemon (nfsd). The issue is a memory leak of struct cred caused by how nfsd_nl_threads_set_doit() passes current credentials to nfsd_svc() and later to _svc_xprt_create() without transferring ownership, leaving a refcount leak. SYZBOT identified a lea...

ROS-20260323-73-0006

A vulnerability in the initnfsd function in the fs/nfsd/nfsctl.c module of the Linux kernel's NFS network file system support is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004487 advisory. A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003056)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003056 advisory. The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a...

RHEL 10 : kernel (RHSA-2025:22571)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22571 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: handle getclientlocked...

Siemens SIMATIC Devices Use After Free (CVE-2023-1652)

A use-after-free flaw was found in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. This plugin only works with Tenable.ot. Please visit...

EUVD-2012-1762

Malware in sbrugna...

EUVD-2010-4412

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-50385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFS: Fix an Oops in nfsdautomount When mounting from a NFSv4 referral, path-dentry can end up being a negative dentry, so derive the struct nfsserver from the...

Linux Distros Unpatched Vulnerability : CVE-2025-21908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFS: fix nfsreleasefolio to not deadlock via kcompactd writeback Add PFKCOMPACTD flag and currentiskcompactd helper to check for it so nfsreleasefolio can skip...

CVE-2007-6733

The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...

CVE-2025-37871

CVE-2025-37871 concerns the Linux kernel, where a deadlock warning could occur in NFS delegation handling when a dl_recall queue fails. The root cause described is interaction between nfsd, nfs4_put_stid, and the delegation’s sc_count, which could deadlock during disassociation of an nfs4_delegat...

CVE-2025-39688

In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SCSTATUSFREEABLE when searching via nfs4lookupstateid The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to...

CVE-2022-49097

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

CVE-2022-49097 NFS: Avoid writeback threads getting stuck in mempool_alloc()

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

CVE-2024-56779

The CVE-2024-56779 entry describes a Linux kernel vulnerability in nf sd4_open handling where concurrent opens could leak nfsd_openowner state, potentially leaving objects unfreed and triggering a warning when /proc/fs/nfsd/threads is echoed. The issue arises when two rpc_task instances race to o...

CVE-2021-4157

An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...

CVE-2021-4157

An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...

nfs-utils bug fix and enhancement update

The nfs-utils packages provide a daemon for the kernel Network File System NFS server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Bug Fixes and...