CVE-2026-22980

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the NFS daemon (nfsd) related to handling grace periods during server shutdown. Specifically, writing to the v4 end grace structure can occur concurrently with server shutdown, potentially leading to a use-after-free condition. This is due to a lack of proper locking mechanisms when accessing this structure. The issue involves a race between server shutdown, client tracking operations, and the landromat work queue. The fix introduces a new flag, client tracking active, protected by nn->client lock, to ensure safe client tracking calls. Another field, grace end forced, is used to bypass checks related to the completion of the grace period. The vulnerability can be triggered when writing to v4 end grace while the server is shutting down, potentially causing memory corruption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.