CVE-2026-43394

Published: May 8, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount. nfsd_nl_listener_set_doit() is always in the process context, sendmsg(), and current->cred does not go away. Let's use current_cred() in nfsd_nl_listener_set_doit().

Vendor	Product	Versions
Linux	Linux	affected `16a471177496c8e04a9793812c187a2c1a2192fa - < 02e87ec0bc706cb93fa47b43d18c4d10102c7d54` affected `16a471177496c8e04a9793812c187a2c1a2192fa - < 019debe5851d7355bea9ff0248cc317878924d8f` affected `16a471177496c8e04a9793812c187a2c1a2192fa - < cba413765376bb466035c9160fa3130402971e2c` affected `16a471177496c8e04a9793812c187a2c1a2192fa - < 92978c83bb4eef55d02a6c990c01c423131eefa7`
Linux	Linux	affected `6.10` unaffected `0 - < 6.10` unaffected `6.12.78 - <= 6.12.` unaffected `6.18.19 - <= 6.18.` unaffected `6.19.9 - <= 6.19.*` +1 more versions

References

https://git.kernel.org/stable/c/02e87ec0bc706cb93fa47b43d18c4d10102c7d54

https://git.kernel.org/stable/c/019debe5851d7355bea9ff0248cc317878924d8f

https://git.kernel.org/stable/c/cba413765376bb466035c9160fa3130402971e2c

https://git.kernel.org/stable/c/92978c83bb4eef55d02a6c990c01c423131eefa7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43394

Description

Affected Products

References