CVE-2026-23297

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the nfsd nl threads set doit() function. Specifically, a reference to a cred structure is leaked when nfsd nl threads set doit() calls nfsd svc() without subsequently calling put cred(). This occurs because the ownership of the reference count is not transferred. The issue was identified by syzbot, a fuzzing tool, which reported an unreferenced object in memory. The function nfsd svc() is also called from write threads(), but does not increment the file credential count. The current cred() function is used in nfsd nl threads set doit() to address this.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.