CVE-2026-22989
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-02-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlock_filesystem If we are trying to unlock the filesystem via an administrative interface and nfsd isn't running, it crashes the server. This happens currently because nfsd4_revoke_states() access state structures (eg., conf_id_hashtbl) that has been freed as a part of the server shutdown. [ 59.465072] Call trace: [ 59.465308] nfsd4_revoke_states+0x1b4/0x898 [nfsd] (P) [ 59.465830] write_unlock_fs+0x258/0x440 [nfsd] [ 59.466278] nfsctl_transaction_write+0xb0/0x120 [nfsd] [ 59.466780] vfs_write+0x1f0/0x938 [ 59.467088] ksys_write+0xfc/0x1f8 [ 59.467395] __arm64_sys_write+0x74/0xb8 [ 59.467746] invoke_syscall.constprop.0+0xdc/0x1e8 [ 59.468177] do_el0_svc+0x154/0x1d8 [ 59.468489] el0_svc+0x40/0xe0 [ 59.468767] el0t_64_sync_handler+0xa0/0xe8 [ 59.469138] el0t_64_sync+0x1ac/0x1b0 Ensure this can't happen by taking the nfsd_mutex and checking that the server is still up, and then holding the mutex across the call to nfsd4_revoke_states().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22989
EUVD
EUVD-2026-4280
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.6 (exc)
linux linux_kernel From 6.9 (inc) to 6.12.66 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's NFS daemon (nfsd) when attempting to unlock the filesystem via an administrative interface while the nfsd server is not running. Specifically, the function nfsd4_revoke_states() accesses state structures that have already been freed during server shutdown, causing the server to crash. The fix involves taking a mutex (nfsd_mutex) and verifying that the server is still running before proceeding, preventing the crash.

Impact Analysis

If exploited, this vulnerability can cause the Linux server running the NFS daemon to crash when an administrative unlock operation is attempted while the nfsd server is not running. This can lead to denial of service, disrupting access to network file systems and potentially impacting system availability.

Mitigation Strategies

To mitigate this vulnerability, ensure that the nfsd server is running before attempting to unlock the filesystem via the administrative interface. This prevents the server crash caused by accessing freed state structures. Specifically, the fix involves taking the nfsd_mutex and checking that the server is still up, then holding the mutex across the call to nfsd4_revoke_states(). Applying the relevant kernel patch or updating to a fixed kernel version that includes this check is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22989. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart