523 matches found
EUVD-2026-45454
In the Linux kernel, the following vulnerability has been resolved: nfsd: release layout stid on setlease failure nfs4allocstid publishes the new stid into cl-clstateids via idralloccyclic under cllock before returning to nfsd4alloclayoutstateid. When nfsd4layoutsetlease then fails, the error pat...
EUVD-2026-45520
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix SECINFONONAME decode error cleanup nfsd4decodesecinfononame currently initializes sinexp after decoding sinstyle. If the XDR stream is truncated, the decoder returns nfserrbadxdr before sinexp is initialized. Since comm...
CVE-2026-53398
CVE-2026-53398 (Linux kernel NFSD) fixes a decode error in nfsd4_decode_secinfo_no_name. If the XDR stream is truncated, the decoder could return nfserr_bad_xdr before initializing sin_exp, leaving it with stale data between RPC calls due to an inline iops array not being cleared after a previous...
CVE-2026-53394
In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race When findorallocopenstateowner encounters an unconfirmed owner, it calls releaseopenowner and sets oo = NULL. Control then falls through past the if oo guard -...
CVE-2026-53393
In the Linux kernel, the NFS server component (nfsd) fixes a durability issue where deferred writeback errors could leave UNSTABLE data unverified. Specifically, nfsd_vfs_write() and nfsd_commit() did not rotate the server’s write verifier (nn->writeverf) when filemap_check_wb_err() detected d...
PT-2026-61099
In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race When find or alloc open stateowner encounters an unconfirmed owner, it calls release openowner and sets oo = NULL. Control then falls through past the if oo...
USN-8490-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
USN-8490-1 linux, linux-aws, linux-aws-6.17, linux-gcp, linux-gcp-6.17, linux-oracle, linux-oracle-6.17 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
USN-8490-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-8547-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8547-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
USN-8547-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...
USN-8546-1 linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
USN-8545-1: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
CVE-2026-56648 Windows NFS Server Elevation of Privilege Vulnerability
...
CVE-2026-56194
CVE-2026-56194 : Heap-based buffer overflow in Windows Network File System (NFS) can allow an authorized attacker to elevate privileges over a network. Affected component is Windows NFS Server; root cause described as a heap-based overflow in the NFS networking path. The CVE entry indicates privi...
Ubuntu 22.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-8527-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8527-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
USN-8527-1 linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
SUSE SLED15 / SLES15 Security Update : libnfs (SUSE-SU-2026:2760-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2760-1 advisory. This update for libnfs fixes the following issue - CVE-2026-53689: integer overflow during a connection to a crafted NF...