U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-45983 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops (e.g. SETATTR) can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cache_check() will mark the request for deferral and cause it to be dropped. This prevents nfs4svc_encode_compoundres from being executed, and thus the session slot flag NFSD4_SLOT_INUSE never gets cleared. Subsequent client requests will fail with NFSERR_JUKEBOX, given that the slot will be marked as in-use, making the SEQUENCE op fail. Fix this by making sure that the RQ_USEDEFERRAL flag is always clear during nfs4svc_decode_compoundargs(), since no v4 request should ever be deferred.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/063a6f22478ef929625000a2caf54667725c1dfd kernel.org
https://git.kernel.org/stable/c/243f71ed873ff3feeb6f9b5cb145d63f7188b4c4 kernel.org
https://git.kernel.org/stable/c/3a72c7dedc99b321e0f267e4e999e5baf07c4593 kernel.org
https://git.kernel.org/stable/c/8dff54fe88c0dcd4c55bff9fc2fa6ca968290826 kernel.org
https://git.kernel.org/stable/c/99e17b20fddac19a228d213e00f6b9e1c10daff9 kernel.org
https://git.kernel.org/stable/c/b9abb760db20504240a7147f27934d900cd80b23 kernel.org
https://git.kernel.org/stable/c/d75ec4504a4340b033b15cad0303988b3089dd93 kernel.org
https://git.kernel.org/stable/c/f9c206cdc4266caad6a9a7f46341420a10f03ccb kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-45983
NVD Published Date:
05/27/2026
NVD Last Modified:
05/27/2026
Source:
kernel.org