Linux Kernel NFS Vulnerability Involving LOCALIO Functionality
CVE-2026-46256

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-46256?

A vulnerability in the Linux kernel affects the LOCALIO feature used with NFS loopback mounts, allowing the potential for recursion deadlock. This primarily arises when NFS operations are optimized to skip network traffic due to the client and server being on the same system. However, this implementation inadvertently makes it vulnerable to deadlocks during direct reclaim processes. To mitigate this risk, the kernel has implemented a fix ensuring that all page cache allocations from LOCALIO are executed within the GFP_NOFS context, effectively preventing the path that leads to stack overflows.

Affected Version(s)

Linux 70ba381e1a431245c137ed597ec6a05991c79bd9

Linux 70ba381e1a431245c137ed597ec6a05991c79bd9 < 6a5de0c4fc0f217eea945d3d72c34ee30d72cbc9

Linux 70ba381e1a431245c137ed597ec6a05991c79bd9 < 67435d2d8a33a75f9647724952cb1b18279d2e95

References

https://git.kernel.org/stable/c/ae26a4cf2baf0a44c538dc093...

https://git.kernel.org/stable/c/6a5de0c4fc0f217eea945d3d7...

https://git.kernel.org/stable/c/67435d2d8a33a75f964772495...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46256 Data

JSON