Description
In the Linux kernel, the following vulnerability has been resolved:

nfsd: never defer requests during idmap lookup

During v4 request compound arg decoding, some ops (e.g. SETATTR)
can trigger idmap lookup upcalls. When those upcall responses get
delayed beyond the allowed time limit, cache_check() will mark the
request for deferral and cause it to be dropped.

This prevents nfs4svc_encode_compoundres from being executed, and
thus the session slot flag NFSD4_SLOT_INUSE never gets cleared.
Subsequent client requests will fail with NFSERR_JUKEBOX, given
that the slot will be marked as in-use, making the SEQUENCE op
fail.

Fix this by making sure that the RQ_USEDEFERRAL flag is always
clear during nfs4svc_decode_compoundargs(), since no v4 request
should ever be deferred.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s NFS daemon invalidates session slot management during V4 request argument decoding. When an ID mapping lookup upcall is timed out, the request is marked for deferral and dropped, preventing the normal response encoding from executing. Consequently the session slot flag never clears, causing subsequent client operations to fail with an NFSERR_JUKEBOX error, effectively denying service to legitimate clients and disrupting file system operations.

Affected Systems

All Linux distributions running the Linux kernel exposed to the NFS daemon are potentially susceptible, as the vulnerability is located in the kernel’s NFS server implementation (nfsd). No vendor‑specific version list was provided, but any kernel configuration that enables NFSv4 without the patch is affected.

Risk and Exploitability

The vulnerability appears to be exploitable through crafted NFSv4 client requests that trigger ID mapping lookups. The EPSS score is not available, but the absence of a KEV listing indicates it has not yet been observed in the wild as a known exploit. Nonetheless, the CVSS score of 7.0 suggests a serious impact, and an attacker with network access to the NFS server could reliably induce a denial of service by sending repeated compound operations. The fix requires kernel changes that prevent any NFSv4 request from being deferred during idmap lookup.

Generated by OpenCVE AI on May 28, 2026 at 03:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the patch which clears the RQ_USEDEFERRAL flag during nfs4svc_decode_compoundargs().
  • After applying the kernel update, restart the NFS service (nfsd) to load the new code into memory.
  • Reboot the system to ensure the patched kernel fully takes effect and all services use the updated code.

Generated by OpenCVE AI on May 28, 2026 at 03:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 28 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-640
CWE-775

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-640
CWE-775

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops (e.g. SETATTR) can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cache_check() will mark the request for deferral and cause it to be dropped. This prevents nfs4svc_encode_compoundres from being executed, and thus the session slot flag NFSD4_SLOT_INUSE never gets cleared. Subsequent client requests will fail with NFSERR_JUKEBOX, given that the slot will be marked as in-use, making the SEQUENCE op fail. Fix this by making sure that the RQ_USEDEFERRAL flag is always clear during nfs4svc_decode_compoundargs(), since no v4 request should ever be deferred.
Title nfsd: never defer requests during idmap lookup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:41.619Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45983

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:15.500

Modified: 2026-06-16T02:39:11.907

Link: CVE-2026-45983

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45983 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T04:00:10Z

Weaknesses