CVE-2026-43394

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A credential reference leak exists in the nfsd nl listener set doit() function. The issue occurs because the function utilizes get current cred() without a corresponding put cred() call to release the reference. Since the function operates within the process context and current->cred remains stable during sendmsg(), the additional reference count provided by get current cred() is unnecessary for svc xprt create from sa().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.