CVE-2026-43394
Credential Reference Leak in Linux Kernel NFS Daemon
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a credential reference leak in the Linux kernel's NFS daemon (nfsd) specifically in the function nfsd_nl_listener_set_doit(). The function uses get_current_cred() to obtain credentials but does not properly release them with put_cred(), causing a reference count leak.
The issue arises because nfsd_nl_listener_set_doit() uses get_current_cred() without a corresponding put_cred(), unlike other callers such as svc_xprt_create_from_sa() which do not require the extra reference count. The fix involves using current_cred() instead, which does not increase the reference count and avoids the leak.
How can this vulnerability impact me? :
The vulnerability causes a credential reference leak in the kernel, which can lead to resource leakage over time. This may result in increased memory usage or exhaustion of credential references, potentially degrading system performance or stability.