CVE-2026-53026

Source
https://cve.org/CVERecord?id=CVE-2026-53026
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53026.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53026
Downstream
Published
2026-06-24T16:29:34.855Z
Modified
2026-07-15T01:49:10.225981111Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: fix nfs4file access extra count in nfsd4addrdaccessto_wrdeleg

In nfsd4addrdaccesstowrdeleg, if fp->fifds[ORDONLY] is already set by another thread, _nfs4filegetaccess should not be called to increment the nfs4file access count since that was already done by the thread that added READ access to the file. The extra fiaccess count in nfs4file can prevent the corresponding nfsdfile from being freed.

When stopping nfs-server service, these extra access counts trigger a BUG in kmemcachedestroy() that shows nfsd_file object remaining on __kmemcacheshutdown.

This problem can be reproduced by running the Git project's test suite over NFS.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53026.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c07dc84ed67c5a182273171639bacbbb87c12175
Fixed
4584229395d0d65bd517780afe97ffea07cb2c3d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8072e34e1387d03102b788677d491e2bcceef6f5
Fixed
b81572b073441dfd32213e41857676d0dbff4665
Fixed
b48f44f36e6607b2f818560f19deb86b4a9c717b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6.18.4
Fixed
6.18.33

Affected versions

v6.*
v6.18.10
v6.18.11
v6.18.12
v6.18.13
v6.18.14
v6.18.15
v6.18.16
v6.18.17
v6.18.18
v6.18.19
v6.18.20
v6.18.21
v6.18.22
v6.18.23
v6.18.24
v6.18.25
v6.18.26
v6.18.27
v6.18.28
v6.18.29
v6.18.30
v6.18.31
v6.18.32
v6.18.4
v6.18.5
v6.18.6
v6.18.7
v6.18.8
v6.18.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53026.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53026.json"