CVE-2026-31404

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the NFS daemon (NFSD) related to the handling of sub-object cleanup during export release. Specifically, the svc export put() function calls path put() and auth domain put() immediately, potentially before the RCU grace period completes. This can lead to a NULL pointer dereference in d path if the cache is cleaned and the last reference is dropped concurrently while RCU readers are still accessing the sub-objects. The issue stems from the immediate freeing of resources before ensuring all RCU readers have finished accessing them. The fix involves deferring the cleanup using queue rcu work() to ensure the callback executes in process context after the RCU grace period, preventing the use of freed memory. The fix also applies to expkey put() with similar patterns.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.