CVE-2026-31403 — Expired Pointer Dereference in Linux
Severity
5.5MEDIUM
No vectorEPSS
0.0%
top 90.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 3
Description
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd
The /proc/fs/nfs/exports proc entry is created at module init
and persists for the module's lifetime. exports_proc_open()
captures the caller's current network namespace and stores
its svc_export_cache in seq->private, but takes no reference
on the namespace. If the namespace is subsequently torn down
(e.g. container destruction after the opener does setns() …
Affected Packages3 packages
▶CVEListV5linux/linux96d851c4d28de8cc83fe2bd5c6bc2eb8f253a6c5 — c7f406fb341d6747634b8b1fa5461656e5e56076+6
🔴Vulnerability Details
2OSV▶
CVE-2026-31403: In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/↗2026-04-03
GHSA▶
GHSA-85m5-f4f3-q6f5: In the Linux kernel, the following vulnerability has been resolved:
NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd
The /proc/f↗2026-04-03