PatchSiren

CVE-2026-43470 Linux CVE debrief

CVE-2026-43470 is a Linux kernel NFS flaw that can lead to a kernel oops and denial of service when an NFS create path encounters a directory alias and the error is not handled correctly. The issue was published on 2026-05-08 and updated on 2026-05-21. NVD rates it 5.5 (MEDIUM), and the described impact is availability-only: no confidentiality or integrity impact is identified in the supplied record.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators running affected kernels with NFS client activity should care most. Environments that use concurrent create/delete/open patterns on the same names, especially workloads similar to the observed lustre-racer scenario, should treat this as a priority availability fix.

Technical summary

The source description says nfs3_proc_create could encounter an alias via nfs3_do_create, nfs_add_or_obtain, or d_splice_alias that is actually a directory dentry. In that case, the code previously did not return an error and instead discarded the alias while leaving the original dentry negative. That negative dentry could later reach nfs_atomic_open_v23/finish_open and be passed to do_dentry_open, leading to an oops. The fix is to explicitly check d_is_dir() and return EISDIR so file-opening paths do not proceed on a directory inode. NVD lists affected Linux kernel ranges as 6.10 before 6.12.78, 6.13 before 6.18.19, 6.19 before 6.19.9, and 7.0 release candidates rc1 through rc3.

Defensive priority

Medium

Recommended defensive actions

  • Apply the upstream/stable kernel fixes referenced by the four kernel.org patch links in the source record.
  • Backport the fix to any supported downstream kernel branches that match the affected version ranges.
  • Prioritize patching systems that use NFS heavily or run concurrent create/delete/open workloads on the same paths.
  • Validate that your distribution's kernel build includes the directory-alias error handling change before declaring systems remediated.
  • Monitor for kernel oopses or crashes in NFS-related paths until patched systems are fully deployed.
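
A first-pass triage of `uname -r` strings against the NVD ranges quoted in the technical summary, as an added example that is not part of the source record. The host names and release strings are constructed, and an in-range result still needs the patch-presence check from the list above, because distribution kernels can carry the fix as a backport without changing the base version.

```python
import re

# Affected ranges as NVD lists them on this page: (first affected, first fixed).
AFFECTED_RANGES = [
    ((6, 10, 0), (6, 12, 78)),
    ((6, 13, 0), (6, 18, 19)),
    ((6, 19, 0), (6, 19, 9)),
]
AFFECTED_7_0_RCS = {1, 2, 3}  # 7.0-rc1 through 7.0-rc3

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")

def classify(release):
    """Return 'in-range', 'out-of-range' or 'unknown' for a `uname -r` string.
    'in-range' refers to the base version only; a backported fix is not visible here."""
    m = _RELEASE.match(release.strip())
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(4) is not None:
        # Release candidate. The page lists only 7.0 rcs, so any other rc
        # cannot be placed against the ranges and is left for manual review.
        if (major, minor) == (7, 0):
            return "in-range" if int(m.group(4)) in AFFECTED_7_0_RCS else "out-of-range"
        return "unknown"
    version = (major, minor, int(m.group(3) or 0))
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "in-range"
    return "out-of-range"

def triage(inventory):
    """Return the hosts that need a patch-presence check or manual review."""
    verdicts = {host: classify(rel) for host, rel in inventory.items()}
    return {h: v for h, v in verdicts.items() if v != "out-of-range"}

if __name__ == "__main__":
    # Constructed inventory (hypothetical host names and release strings).
    sample = {
        "nfs-client-01": "6.12.77",
        "nfs-client-02": "6.12.78",
        "build-07": "6.15.0-generic",
        "lab-rc": "7.0.0-rc2",
        "legacy-03": "5.14.0-570.el9.x86_64",
    }
    for host, verdict in sorted(triage(sample).items()):
        print(f"{host}: {verdict}")
```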

Evidence notes

This debrief is based only on the supplied CVE record and NVD metadata. The record describes an NFS create/open handling bug that can cause an oops when a directory alias is mishandled; NVD classifies it with CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and lists NVD-CWE-noinfo. The supplied record also includes four official kernel.org patch references and affected kernel version ranges.

Official resources

Published 2026-05-08T15:17:00.090Z; modified 2026-05-21T13:59:48.260Z. No KEV entry is listed in the supplied data.