In the Linux kernel, the following vulnerability has been resolved:
NFS: Don't corrupt the value of pgbyteswritten in nfsdorecoalesce()
The value of mirror->pgbyteswritten should only be updated after a successful attempt to flush out the requests on the list.