CVE-2026-57918
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
A vulnerability in libnfs up to version 6.0.2 before commit 935b8db causes an integer underflow in the xid field in the READ_IOVEC function in lib/socket.c. The issue occurs when connecting to a crafted NFS server, where the expected PDU size exceeds the absolute PDU size from the xid/record-marker.
Risk Assessment
An attacker could exploit this vulnerability to cause unexpected behavior, potentially leading to crashes or data integrity issues in applications using libnfs.
Recommendation
Update libnfs to a version containing commit 935b8db or later, which fixes the integer underflow issue.
Original NVD description (English source)
libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.

