CVE-2026-53026
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
In the Linux kernel's NFSD subsystem, a bug in nfsd4_add_rdaccess_to_wrdeleg causes an unnecessary increment of the nfs4_file access count. When another thread has already set read access, calling __nfs4_file_get_access again leads to an extra count, preventing the nfsd_file object from being freed. This triggers a BUG when stopping the NFS service.
Risk Assessment
Extra access counts can block kernel memory deallocation, causing a system crash (BUG) when stopping the NFS server. This may lead to NFS service instability and potential data access loss.
Recommendation
Immediately update the Linux kernel to a version containing the fix for CVE-2026-53026. Monitor official distribution security advisories and apply the patch as soon as it becomes available.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg In nfsd4_add_rdaccess_to_wrdeleg, if fp->fi_fds[O_RDONLY] is already set by another thread, __nfs4_file_get_access should not be called to increment the nfs4_file access count since that was already done by the thread that added READ access to the file. The extra fi_access count in nfs4_file can prevent the corresponding nfsd_file from being freed. When stopping nfs-server service, these extra access counts trigger a BUG in kmem_cache_destroy() that shows nfsd_file object remaining on __kmem_cache_shutdown. This problem can be reproduced by running the Git project's test suite over NFS.

