PatchSiren

CVE-2026-22980 Linux CVE debrief

CVE-2026-22980 is a high-severity (CVSS 7.8) use-after-free vulnerability in the nfsd subsystem of the Linux kernel. It is caused by a race condition between writing to v4_end_grace and server shutdown, which can result in memory being accessed after it was freed. It can be exploited to gain unauthorized access to sensitive data or potentially execute arbitrary code.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-23
Original CVE updated: 2026-06-17
Advisory published: 2026-01-23
Advisory updated: 2026-06-17

Who should care

System administrators and users of Linux-based systems should be aware of this vulnerability, especially those using Linux kernel versions between 3.18 and 6.18.6, as well as 6.19 rc versions. This vulnerability can be exploited locally, and an attacker with low privileges can potentially exploit it to gain elevated access.

Technical summary

The vulnerability exists in the nfsd subsystem of the Linux kernel. Specifically, it is caused by a race condition between writing to v4_end_grace and server shutdown. When v4_end_grace is written, it can schedule a work item, but if the server is shutting down, it may access memory that has already been freed, resulting in a use-after-free vulnerability. The Linux kernel community has provided several patches to address this vulnerability, including commits 06600719, 2857bd59, 34eb2283, 53f07d095, ba4811c8, ca973608, and e8bfa240.

Defensive priority

High

Recommended defensive actions

  • Apply the provided patches from the Linux kernel community to address the vulnerability.
  • Update the Linux kernel to a version that includes the fixes, such as 5.10.249, 5.15.199, 5.16.0-50, 6.1.162, 6.6.122, or later.
  • Use Linux kernel versions that are not vulnerable, such as 3.18, 5.11, 5.16, 6.2, 6.7, or later.
  • Disable the nfsd subsystem if it is not required.
  • Monitor system logs for potential exploitation attempts.
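
A host triage sketch for the actions above, added here as an example (it is not PatchSiren's or the kernel project's code). It compares a kernel release string with the fixed stable releases listed on this page and reports whether the nfsd control file v4_end_grace is present. The function names are hypothetical, /proc/fs/nfsd is assumed to be the nfsd mount point, and distribution kernels that backport fixes can report "below-fixed" while already patched.

```shell
#!/bin/sh
# Added example (not PatchSiren or kernel project code): CVE-2026-22980 host triage.

# First fixed patch level per stable branch, from the fixed versions listed on this page.
fixed_patch_for_branch() {
    case "$1" in
        5.10) echo 249 ;;
        5.15) echo 199 ;;
        6.1)  echo 162 ;;
        6.6)  echo 122 ;;
    esac
}

# classify_kernel RELEASE -> below-fixed | at-or-above-fixed | unlisted
# "unlisted" means this page names no fixed release for that branch; check the vendor advisory.
classify_kernel() {
    ver=${1%%[-+]*}                       # drop suffixes such as "-91-generic"
    case "$ver" in *.*) ;; *) echo unlisted; return 0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "6.6" has no patch component
    patch=${patch%%.*}
    for part in "$major" "$minor" "$patch"; do
        case "$part" in ''|*[!0-9]*) echo unlisted; return 0 ;; esac
    done
    fixed=$(fixed_patch_for_branch "$major.$minor")
    if [ -z "$fixed" ]; then echo unlisted
    elif [ "$patch" -lt "$fixed" ]; then echo below-fixed
    else echo at-or-above-fixed
    fi
}

# nfsd_state [DIR] -> absent | idle | running
# absent: no v4_end_grace control file (nfsd filesystem not mounted); running: server threads > 0.
nfsd_state() {
    dir=${1:-/proc/fs/nfsd}
    [ -e "$dir/v4_end_grace" ] || { echo absent; return 0; }
    n=$(cat "$dir/threads" 2>/dev/null) || n=0
    case "$n" in ''|*[!0-9]*) n=0 ;; esac
    if [ "$n" -gt 0 ]; then echo running; else echo idle; fi
}

# Report for the host this is run on.
echo "kernel $(uname -r): $(classify_kernel "$(uname -r)"); nfsd: $(nfsd_state)"
```

A host that reports both "below-fixed" and "running" is the one to prioritise for patching or for disabling nfsd.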

Evidence notes

The information provided is based on the CVE-2026-22980 record and the Linux kernel community patches. The vulnerability has been publicly disclosed and has a CVSS score of 7.8, indicating high severity.

Official resources

Publicly disclosed