Directory Handling Flaw in Linux Kernel Affecting NFS Operations
CVE-2026-43470

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43470?

A flaw in the Linux kernel's handling of directory entries can cause negative dentries to be incorrectly processed during NFS operations. Specifically, when concurrent directory and file operations occur, the system may inadvertently treat a directory alias as a regular file entry, leading to operational problems. This vulnerability, chiefly arising during the use of the lustre-racer utility, can result in unexpected outcomes when violating exclusive access conditions (O_EXCL), ultimately causing system errors (oops) when file operations are attempted on directory inodes. To mitigate the issue, checks on directory status are necessary to avoid file operation attempts on directories, which is crucial for maintaining operational integrity.

Affected Version(s)

Linux 7c6c5249f061b64fc6b5b90bc147169a048691bf < 7e2963773760a664684435201960dd2fb712f1b5

Linux 7c6c5249f061b64fc6b5b90bc147169a048691bf < 203c792cb4315360d49973ae2e57feeb6d3dcf7e

Linux 7c6c5249f061b64fc6b5b90bc147169a048691bf < 9ee1770fcb2f1b48354622b926e7dc10222805f5

References

https://git.kernel.org/stable/c/7e2963773760a664684435201...

https://git.kernel.org/stable/c/203c792cb4315360d49973ae2...

https://git.kernel.org/stable/c/9ee1770fcb2f1b48354622b92...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43470 Data

JSON