In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix nfs4file access extra count in nfsd4addrdaccessto_wrdeleg
In nfsd4addrdaccesstowrdeleg, if fp->fifds[ORDONLY] is already set by another thread, _nfs4filegetaccess should not be called to increment the nfs4file access count since that was already done by the thread that added READ access to the file. The extra fiaccess count in nfs4file can prevent the corresponding nfsdfile from being freed.
When stopping nfs-server service, these extra access counts trigger a BUG in kmemcachedestroy() that shows nfsd_file object remaining on __kmemcacheshutdown.
This problem can be reproduced by running the Git project's test suite over NFS.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53026.json"
}