{"id":"CVE-2026-45983","summary":"nfsd: never defer requests during idmap lookup","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: never defer requests during idmap lookup\n\nDuring v4 request compound arg decoding, some ops (e.g. SETATTR)\ncan trigger idmap lookup upcalls. When those upcall responses get\ndelayed beyond the allowed time limit, cache_check() will mark the\nrequest for deferral and cause it to be dropped.\n\nThis prevents nfs4svc_encode_compoundres from being executed, and\nthus the session slot flag NFSD4_SLOT_INUSE never gets cleared.\nSubsequent client requests will fail with NFSERR_JUKEBOX, given\nthat the slot will be marked as in-use, making the SEQUENCE op\nfail.\n\nFix this by making sure that the RQ_USEDEFERRAL flag is always\nclear during nfs4svc_decode_compoundargs(), since no v4 request\nshould ever be deferred.","modified":"2026-05-29T04:03:13.239803580Z","published":"2026-05-27T12:18:41.619Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45983.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/063a6f22478ef929625000a2caf54667725c1dfd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/243f71ed873ff3feeb6f9b5cb145d63f7188b4c4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3a72c7dedc99b321e0f267e4e999e5baf07c4593"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8dff54fe88c0dcd4c55bff9fc2fa6ca968290826"},{"type":"WEB","url":"https://git.kernel.org/stable/c/99e17b20fddac19a228d213e00f6b9e1c10daff9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b9abb760db20504240a7147f27934d900cd80b23"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d75ec4504a4340b033b15cad0303988b3089dd93"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9c206cdc4266caad6a9a7f46341420a10f03ccb"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45983.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45983"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2f425878b6a71571341dcd3f9e9d1a6f6355da9c"},{"fixed":"b9abb760db20504240a7147f27934d900cd80b23"},{"fixed":"3a72c7dedc99b321e0f267e4e999e5baf07c4593"},{"fixed":"99e17b20fddac19a228d213e00f6b9e1c10daff9"},{"fixed":"243f71ed873ff3feeb6f9b5cb145d63f7188b4c4"},{"fixed":"063a6f22478ef929625000a2caf54667725c1dfd"},{"fixed":"d75ec4504a4340b033b15cad0303988b3089dd93"},{"fixed":"8dff54fe88c0dcd4c55bff9fc2fa6ca968290826"},{"fixed":"f9c206cdc4266caad6a9a7f46341420a10f03ccb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45983.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.30"},{"fixed":"5.10.252"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.202"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.165"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.128"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45983.json"}}],"schema_version":"1.7.5"}