{"id":"CVE-2026-53026","summary":"NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg\n\nIn nfsd4_add_rdaccess_to_wrdeleg, if fp-\u003efi_fds[O_RDONLY] is already\nset by another thread, __nfs4_file_get_access should not be called\nto increment the nfs4_file access count since that was already done\nby the thread that added READ access to the file. The extra fi_access\ncount in nfs4_file can prevent the corresponding nfsd_file from being\nfreed.\n\nWhen stopping nfs-server service, these extra access counts trigger a\nBUG in kmem_cache_destroy() that shows nfsd_file object remaining on\n__kmem_cache_shutdown.\n\nThis problem can be reproduced by running the Git project's test\nsuite over NFS.","modified":"2026-07-15T01:49:10.225981111Z","published":"2026-06-24T16:29:34.855Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53026.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4584229395d0d65bd517780afe97ffea07cb2c3d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b48f44f36e6607b2f818560f19deb86b4a9c717b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b81572b073441dfd32213e41857676d0dbff4665"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53026.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53026"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c07dc84ed67c5a182273171639bacbbb87c12175"},{"fixed":"4584229395d0d65bd517780afe97ffea07cb2c3d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8072e34e1387d03102b788677d491e2bcceef6f5"},{"fixed":"b81572b073441dfd32213e41857676d0dbff4665"},{"fixed":"b48f44f36e6607b2f818560f19deb86b4a9c717b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6.18.4"},{"fixed":"6.18.33"}]}],"versions":["v6.18.32","v6.18.31","v6.18.30","v6.18.29","v6.18.28","v6.18.27","v6.18.26","v6.18.25","v6.18.24","v6.18.23","v6.18.22","v6.18.21","v6.18.20","v6.18.19","v6.18.18","v6.18.17","v6.18.16","v6.18.15","v6.18.14","v6.18.13","v6.18.12","v6.18.11","v6.18.10","v6.18.9","v6.18.8","v6.18.7","v6.18.6","v6.18.5","v6.18.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53026.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.18.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53026.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}