Linux Kernel NFSD Deferment of Sub-Object Cleanup Vulnerability Leading to NULL Pointer Dereference

Vulnerability

A vulnerability in the Linux kernel's NFS server (NFSD) involving improper management of export references has been addressed. Export cleanup was not synchronized with the RCU (Read-Copy-Update) grace period: export references were released immediately, before the grace period had elapsed, so RCU readers could still access data that had already been invalidated. This concurrent access to freed resources led to a NULL pointer dereference. The fix defers the cleanup until after the RCU grace period, ensuring that all references are properly managed and reducing the risk of concurrent access to freed resources.
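
The ordering problem described above, as an added userspace model in C (not the kernel's code and not the actual patch). RCU is approximated by a reader counter and a deferred-cleanup list; every struct, field and function name is hypothetical, and the export path is a constructed sample.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
struct export {
    char *sub;                  /* sub-object that readers dereference */
    struct export *next_defer;  /* link on the deferred-cleanup list */
};
static int readers;                /* readers inside a read-side section */
static struct export *defer_list;  /* exports waiting for the grace period */

static struct export *export_new(const char *s) {
    struct export *e = calloc(1, sizeof(*e));
    e->sub = strcpy(malloc(strlen(s) + 1), s);
    return e;
}
static void cleanup_sub(struct export *e) { free(e->sub); e->sub = NULL; }

/* Pattern described as the bug: sub-object released at the final put. */
static void put_immediate(struct export *e) { cleanup_sub(e); }

/* Pattern described as the fix: queue the export, leave sub-object intact. */
static void put_deferred(struct export *e) { e->next_defer = defer_list; defer_list = e; }

/* Grace period completes only when no reader is active; returns exports freed. */
static int grace_period_end(void) {
    int n = 0;
    while (readers == 0 && defer_list) {
        struct export *e = defer_list;
        defer_list = e->next_defer;
        cleanup_sub(e);
        free(e);
        n++;
    }
    return n;
}

/* Reader is mid-section while `put` runs: 1 = sub-object valid, 0 = NULL. */
static int reader_sees_valid(void (*put)(struct export *)) {
    struct export *e = export_new("/srv/export");  /* constructed sample */
    readers++;                      /* rcu_read_lock() analogue */
    put(e);                         /* final put races with the reader */
    grace_period_end();             /* no-op: a reader is still active */
    int valid = e->sub != NULL;
    readers--;                      /* rcu_read_unlock() analogue */
    if (grace_period_end() == 0)    /* deferred path frees e here */
        free(e);                    /* immediate path never queued e */
    return valid;
}
```

With `put_immediate` the in-flight reader finds the sub-object pointer already NULL; with `put_deferred` it stays valid until the reader has left its section.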

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a crash or instability in the NFS server.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Apr 3, 2026, 4:23 PM
Updated: Apr 3, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.8
exploitability: 3.5
remediation: 7.7
relevance: 5.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.