CVE-2026-43193
Refcount Leak in Linux Kernel NFS Server
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's NFS server component (nfsd). Specifically, it occurs in the function nfsd_get_dir_deleg(), where a reference to an internal object called "nfs4_file" (abbreviated as "fp") is not properly released before the function returns. This means that the system is holding onto resources longer than necessary, which can lead to resource exhaustion.
How can this vulnerability impact me? :
The impact of this vulnerability is primarily related to resource management. Because the reference to the nfs4_file object is not released properly, it can cause a leak of system resources. Over time, this could lead to increased memory usage and potentially degrade system performance or stability, especially on systems heavily using NFS. However, there is no indication that this vulnerability allows for privilege escalation, data corruption, or remote code execution.