5.5
CVE-2026-43394
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:21:38
- Zuletzt bearbeitet 26.05.2026 14:50:08
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount. nfsd_nl_listener_set_doit() is always in the process context, sendmsg(), and current->cred does not go away. Let's use current_cred() in nfsd_nl_listener_set_doit().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.10 < 6.12.78
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.19
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.9
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/02e87ec0bc706cb93fa47b43d18c4d10102c7d54
https://git.kernel.org/stable/c/019debe5851d7355bea9ff0248cc317878924d8f
https://git.kernel.org/stable/c/cba413765376bb466035c9160fa3130402971e2c
https://git.kernel.org/stable/c/92978c83bb4eef55d02a6c990c01c423131eefa7