Login Sign Up

CVE-2026-22980

7.8 HIGH
Denial of Service

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's NFS server (nfsd) that can lead to use-after-free memory corruption. The issue occurs when writing to v4_end_grace races with server shutdown, potentially allowing freed memory to be accessed. Systems running affected Linux kernel versions with NFSv4 server enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable code (exact range depends on distribution backports)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when NFSv4 server is enabled and running. Many systems disable NFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential privilege escalation leading to full system compromise.

🟠

Likely Case

System instability, crashes, or denial of service affecting NFS server functionality.

🟢

If Mitigated

Minimal impact if NFSv4 server is disabled or proper kernel patches are applied.

🌐 Internet-Facing: MEDIUM - NFS servers exposed to untrusted networks could be targeted, but exploitation requires specific conditions.
🏢 Internal Only: MEDIUM - Internal NFS servers could be affected by malicious clients or accidental triggering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires race condition timing and NFS server access. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 06600719d0f7a723811c45e4d51f5b742f345309, 2857bd59feb63fcf40fe4baf55401baea6b4feb4, 34eb22836e0cdba093baac66599d68c4cd245a9d, 53f07d095e7e680c5e4569a55a019f2c0348cdc6, ba4811c8b433bfa681729ca42cc62b6034f223b0

Vendor Advisory: https://git.kernel.org/stable/c/06600719d0f7a723811c45e4d51f5b742f345309

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable NFSv4 server

linux

Disable NFSv4 server functionality to prevent exploitation

systemctl stop nfs-server
systemctl disable nfs-server

Disable client tracking

linux

Disable NFSv4 client tracking to mitigate the race condition

echo 0 > /sys/module/nfsd/parameters/nfs4_disable_idmapping

🧯 If You Can't Patch

  • Disable NFS server entirely if not required
  • Restrict NFS access to trusted networks only using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if NFS server is running and kernel version is vulnerable: systemctl status nfs-server && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version and NFS server functions normally

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NFS server crash logs
  • System instability after NFS operations

Network Indicators:

  • Unusual NFS traffic patterns
  • Multiple failed NFS connections

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND "nfsd"

📊 Metadata

CVE ID: CVE-2026-22980
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.03% exploit probability (8.9th percentile)
Published: January 23, 2026
Last Updated: February 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-22980, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)