PT-2026-30185 · Linux+1 · Linux Kernel+1

Published: 2026-02-24 · Updated: 2026-05-05 · CVE-2026-31402

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel’s Network File System daemon (nfsd) contained a heap overflow in the NFSv4.0 LOCK replay cache. The NFSv4.0 replay cache uses a fixed 112-byte inline buffer to store encoded operation responses. This size was insufficient for LOCK denied responses, which can include a variable-length lock owner field up to 1024 bytes. When a LOCK operation is denied due to a conflict with an existing lock that has a large owner, the encoded response is copied into the undersized replay buffer without bounds checking, leading to a heap overflow of up to 944 bytes. This issue can be triggered remotely by an unauthenticated attacker using two cooperating NFSv4.0 clients. One client sets a lock with a large owner string, and the other requests a conflicting lock to provoke the denial.
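
The size arithmetic behind the 944-byte figure, with a bounded store next to the unchecked one, as an added user-space model (not Linux kernel code and not the upstream fix). The struct and function names are hypothetical, the fixed-field layout is taken from the `nfs_lock_denied4` definition in RFC 7530, and skipping the cache for oversized responses is an assumed mitigation.

```c
/* Added illustration: user-space model, not Linux kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REPLAY_ISIZE 112   /* inline replay buffer size, from the advisory */
#define OWNER_MAX    1024  /* maximum lock owner length, from the advisory */
/* Fixed XDR fields of a LOCK denied body per RFC 7530 (nfs_lock_denied4):
 * offset(8) + length(8) + locktype(4) + clientid(8) + owner length word(4). */
#define DENIED_FIXED 32

struct replay {            /* hypothetical model of a replay cache entry */
    uint32_t buflen;       /* bytes of cached response */
    uint8_t  ibuf[REPLAY_ISIZE];
};

/* Encoded size of a LOCK denied body; XDR pads opaque data to 4 bytes. */
size_t denied_encoded_len(size_t owner_len)
{
    return DENIED_FIXED + ((owner_len + 3) & ~(size_t)3);
}

/* Bytes by which an encoded response would overrun the inline buffer. */
size_t replay_overrun(size_t encoded_len)
{
    return encoded_len > REPLAY_ISIZE ? encoded_len - REPLAY_ISIZE : 0;
}

/* Flawed pattern described in the advisory: the length is trusted, so this
 * is only safe when the caller guarantees len <= REPLAY_ISIZE. */
void replay_store_unchecked(struct replay *rp, const uint8_t *enc, size_t len)
{
    rp->buflen = (uint32_t)len;
    memcpy(rp->ibuf, enc, len);
}

/* Bounded variant (assumed mitigation): an oversized response is not cached
 * and buflen is set to 0. Returns 1 if cached, 0 if skipped. */
int replay_store_checked(struct replay *rp, const uint8_t *enc, size_t len)
{
    if (len > sizeof(rp->ibuf)) {
        rp->buflen = 0;
        return 0;
    }
    rp->buflen = (uint32_t)len;
    memcpy(rp->ibuf, enc, len);
    return 1;
}
```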

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALSA-2026:13565
ALSA-2026:13566
ALSA-2026:13577
ALSA-2026:13578
BDU:2026-05258
CVE-2026-31402
ECHO-E29E-D594-D326
OESA-2026-2075
OESA-2026-2077
RHSA-2026:10108
RHSA-2026:11313
RHSA-2026:13565
RHSA-2026:13566
RHSA-2026:13577
RHSA-2026:13578
RHSA-2026:13664
RHSA-2026:13681
RHSA-2026:13734
RHSA-2026:13936
RHSA-2026:14137
RHSA-2026:14165
RHSA-2026:14301
RHSA-2026:14823
RHSA-2026:14869
RHSA-2026:14925

Affected Products

Linux Kernel
Rocky Linux