HOMEVULNERABILITIESCVE-2026-31403
NONE

CVE-2026-31403

Published: April 3, 2026· Updated: Apr 7, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.6th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd

The /proc/fs/nfs/exports proc entry is created at module init

and persists for the module's lifetime. exports_proc_open()

captures the caller's current network namespace and stores

its svc_export_cache in seq->private, but takes no reference

on the namespace. If the namespace is subsequently torn down

(e.g. container destruction after the opener does setns() to a

different namespace), nfsd_net_exit() calls nfsd_export_shutdown()

which frees the cache. Subsequent reads on the still-open fd

dereference the freed cache_detail, walking a freed hash table.

Hold a reference on the struct net for the lifetime of the open

file descriptor. This prevents nfsd_net_exit() from running --

and thus prevents nfsd_export_shutdown() from freeing the cache

-- while any exports fd is open. cache_detail already stores

its net pointer (cd->net, set by cache_create_net()), so

exports_release() can retrieve it without additional per-file

storage.

NVD Source

Technical Analysis

CVE-2026-31403 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-31403
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedApr 3, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31403 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.