PT-2026-30185 · Linux+2 · Linux Kernel+2

Published

2026-02-24

·

Updated

2026-07-06

·

CVE-2026-31402

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel’s Network File System daemon (nfsd) contained a heap overflow in the NFSv4.0 LOCK replay cache. The NFSv4.0 replay cache uses a fixed 112-byte inline buffer to store encoded operation responses. This size was insufficient for LOCK denied responses, which can include a variable-length lock owner field up to 1024 bytes. When a LOCK operation is denied due to a conflict with an existing lock that has a large owner, the encoded response is copied into the undersized replay buffer without bounds checking, leading to a heap overflow of up to 944 bytes. This issue can be triggered remotely by an unauthenticated attacker using two cooperating NFSv4.0 clients. One client sets a lock with a large owner string, and the other requests a conflicting lock to provoke the denial.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:13565
ALSA-2026:13566
ALSA-2026:13577
ALSA-2026:13578
ALSA-2026:19568
ALSA-2026:19569
BDU:2026-05258
CVE-2026-31402
ECHO-E29E-D594-D326
OESA-2026-2075
OESA-2026-2077
RHSA-2026:10108
RHSA-2026:11313
RHSA-2026:13565
RHSA-2026:13566
RHSA-2026:13577
RHSA-2026:13578
RHSA-2026:13664
RHSA-2026:13681
RHSA-2026:13734
RHSA-2026:13936
RHSA-2026:14137
RHSA-2026:14165
RHSA-2026:14301
RHSA-2026:14823
RHSA-2026:14869
RHSA-2026:14925
RHSA-2026:15883
RHSA-2026:19568
RHSA-2026:19569
SUSE-SU-2026:2195-1
SUSE-SU-2026:22276-1
SUSE-SU-2026:22277-1
SUSE-SU-2026:22278-1
SUSE-SU-2026:22279-1
SUSE-SU-2026:22280-1
SUSE-SU-2026:22281-1
SUSE-SU-2026:22282-1
SUSE-SU-2026:22283-1
SUSE-SU-2026:22288-1
SUSE-SU-2026:2238-1
SUSE-SU-2026:22383-1
SUSE-SU-2026:22384-1
SUSE-SU-2026:22385-1
SUSE-SU-2026:22386-1
SUSE-SU-2026:22387-1
SUSE-SU-2026:22388-1
SUSE-SU-2026:22389-1
SUSE-SU-2026:22390-1
SUSE-SU-2026:22391-1
SUSE-SU-2026:22396-1
SUSE-SU-2026:22397-1
SUSE-SU-2026:22398-1
SUSE-SU-2026:22399-1
SUSE-SU-2026:22400-1
SUSE-SU-2026:22401-1
SUSE-SU-2026:22402-1
SUSE-SU-2026:22403-1
SUSE-SU-2026:22404-1
SUSE-SU-2026:22405-1
SUSE-SU-2026:22406-1
SUSE-SU-2026:22407-1
SUSE-SU-2026:22408-1
SUSE-SU-2026:22409-1
SUSE-SU-2026:22410-1
SUSE-SU-2026:22411-1
SUSE-SU-2026:22412-1
SUSE-SU-2026:22413-1
SUSE-SU-2026:22414-1
SUSE-SU-2026:22415-1
SUSE-SU-2026:22416-1
SUSE-SU-2026:22417-1
SUSE-SU-2026:22418-1
SUSE-SU-2026:22419-1
SUSE-SU-2026:22420-1
SUSE-SU-2026:22421-1
SUSE-SU-2026:22425-1
SUSE-SU-2026:22426-1
SUSE-SU-2026:22427-1
SUSE-SU-2026:22428-1
SUSE-SU-2026:22461-1
SUSE-SU-2026:22462-1
SUSE-SU-2026:22463-1
SUSE-SU-2026:22464-1
SUSE-SU-2026:22465-1
SUSE-SU-2026:22466-1
SUSE-SU-2026:22467-1
SUSE-SU-2026:22468-1
SUSE-SU-2026:22469-1
SUSE-SU-2026:22470-1
SUSE-SU-2026:22471-1
SUSE-SU-2026:22472-1
SUSE-SU-2026:22473-1
SUSE-SU-2026:22474-1
SUSE-SU-2026:22475-1
SUSE-SU-2026:22476-1
SUSE-SU-2026:22478-1
SUSE-SU-2026:22479-1
SUSE-SU-2026:22480-1
SUSE-SU-2026:22481-1
SUSE-SU-2026:22482-1
SUSE-SU-2026:22483-1
SUSE-SU-2026:22484-1
SUSE-SU-2026:22485-1
SUSE-SU-2026:22486-1
SUSE-SU-2026:22487-1
SUSE-SU-2026:22488-1
SUSE-SU-2026:22489-1
SUSE-SU-2026:22490-1
SUSE-SU-2026:22491-1
SUSE-SU-2026:2317-1
SUSE-SU-2026:2494-1
SUSE-SU-2026:2496-1
SUSE-SU-2026:2500-1
SUSE-SU-2026:2503-1
SUSE-SU-2026:2511-1
SUSE-SU-2026:2518-1
SUSE-SU-2026:2520-1
SUSE-SU-2026:2532-1
SUSE-SU-2026:2549-1
SUSE-SU-2026:2559-1
SUSE-SU-2026:2567-1
SUSE-SU-2026:2571-1
SUSE-SU-2026:2588-1
SUSE-SU-2026:2592-1
SUSE-SU-2026:2594-1
SUSE-SU-2026:2601-1
SUSE-SU-2026:2603-1
SUSE-SU-2026:2607-1
SUSE-SU-2026:2608-1
SUSE-SU-2026:2610-1
USN-8490-1
USN-8491-1
USN-8492-1
USN-8492-2
USN-8492-3
USN-8493-1
USN-8493-2
USN-8497-1
USN-8498-1
USN-8499-1
USN-8501-1
USN-8508-1

Affected Products

Linux Kernel
Red Os
Rocky Linux