PatchSiren cyber security CVE debrief

CVE-2024-26629 Linux CVE debrief

CVE-2024-26629 affects the Linux kernel NFS server (nfsd) handling of NFSv4 RELEASE_LOCKOWNER. According to the supplied record, the original so_count-based test could return a false NFS4ERR_LOCKS_HELD even when no locks were actually held, creating a protocol violation and incorrect client behavior. The issue was published on 2024-03-13 and is rated medium severity in the supplied NVD data.

Vendor: Linux
Product: CVE-2024-26629
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-03-13
Original CVE updated: 2026-05-12
Advisory published: 2024-03-13
Advisory updated: 2026-05-12

Who should care

Administrators and vendors running Linux kernels with NFS server (nfsd) enabled, especially environments that handle NFSv4 lock-owner cleanup. Downstream distribution maintainers and appliance vendors should prioritize patched kernel builds for affected releases.

Technical summary

The vulnerability is in nfsd4_release_lockowner(). The code path used so_count to decide whether a lock owner still had locks, but so_count can include transient references and other state, so the check could falsely report NFS4ERR_LOCKS_HELD. The supplied fix description says the logic was reverted to check_for_locks(), and that helper was changed to use find_any_file_locked() so it does not take an extra nfs4_file reference or sleep. NVD maps the issue to CWE-667 and CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Defensive priority

Medium. The issue requires local access to interact with the affected NFS server path, but it can break lock-owner release behavior and cause availability and protocol-correctness problems on exposed systems.

Recommended defensive actions

  • Apply the kernel update or vendor backport that includes the nfsd RELEASE_LOCKOWNER fix.
  • Verify whether any deployed Linux kernels fall within the affected ranges listed by NVD: 5.19 through 6.1.79, 6.2 through 6.6.15, 6.7 through 6.7.3, and 6.8-rc1.
  • Prioritize remediation on systems that run NFSv4 services and accept lock-management traffic from clients.
  • If patching must be delayed, reduce exposure to trusted clients only and review operational reliance on NFS lock-owner workflows until the fix is deployed.
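To act on the second item, here is an added example (not part of the PatchSiren debrief or any vendor tooling) that compares a `uname -r` style release string against the NVD version ranges quoted above; the parsing rules and the `platform.release()` lookup are this example's own assumptions.

```python
import platform
import re

# Affected upstream ranges quoted from the NVD data in this debrief (both bounds inclusive).
AFFECTED_RANGES = [
    ((5, 19, 0), (6, 1, 79)),
    ((6, 2, 0), (6, 6, 15)),
    ((6, 7, 0), (6, 7, 3)),
]
# The only release candidate NVD lists explicitly: 6.8-rc1.
AFFECTED_RC = (6, 8, 1)


def parse_kernel_version(release):
    """Parse a `uname -r` style string such as '6.1.79-1-amd64', '6.8-rc1' or '6.8.0-rc1'.

    Returns (major, minor, patch, rc); patch defaults to 0 and rc is None for final
    releases. Distribution suffixes after the upstream version are ignored.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[.-]?rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)


def is_affected(release):
    """True when the upstream version falls inside one of the NVD-listed vulnerable ranges."""
    major, minor, patch, rc = parse_kernel_version(release)
    if rc is not None:
        # A release candidate precedes its .0 final, so it never sits inside the numeric
        # ranges above; NVD names 6.8-rc1 separately, so match that one explicitly.
        return (major, minor, rc) == AFFECTED_RC
    version = (major, minor, patch)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def check_running_kernel():
    """Report whether the kernel this script runs on is inside an NVD-listed range."""
    release = platform.release()
    verdict = ("INSIDE an NVD-listed vulnerable range" if is_affected(release)
               else "outside the NVD-listed ranges")
    return f"kernel {release}: {verdict}"


if __name__ == "__main__":
    print(check_running_kernel())
```

A version match is a triage signal, not a verdict: distribution kernels backport fixes without changing the upstream version number, so confirm against the vendor's changelog or advisory before closing the finding.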

Evidence notes

All statements are based on the supplied CVE/NVD corpus and linked official references. The record shows CVE publishedAt 2024-03-13T14:15:07.717Z and modifiedAt 2026-05-12T12:16:18.813Z; those timestamps are used only as record timing context, not as issue-date substitutes. NVD provides CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), CWE-667, and vulnerable CPE ranges. No KEV listing or ransomware-use evidence is present in the supplied data.

Official resources

Publicly disclosed in the CVE/NVD record on 2024-03-13. The supplied corpus also shows a later NVD modification on 2026-05-12; no KEV entry is provided.