CVE-2026-31713 - Vulnerability Details

- fuse: abort on fatal signal during sync init

Description

In the Linux kernel, the following vulnerability has been resolved:

fuse: abort on fatal signal during sync init

When sync init is used and the server exits for some reason (error, crash)
while processing FUSE_INIT, the filesystem creation will hang. The reason
is that while all other threads will exit, the mounting thread (or process)
will keep the device fd open, which will prevent an abort from happening.

This is a regression from the async mount case, where the mount was done
first, and the FUSE_INIT processing afterwards, in which case there's no
such recursive syscall keeping the fd open.

Published: 2026-05-01

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s FUSE subsystem contains a flaw that can cause a mounting operation to hang when the FUSE server process exits or crashes during synchronous initialization. During sync init, the mounting thread keeps the device file descriptor open, preventing the kernel from aborting the mount and leaving the filesystem creation stalled. The effect is a resource exhaustion condition that blocks further operations on the affected filesystem, thereby denying availability to any service that relies on it. This weakness is a form of improper resource management (CWE-911).

Affected Systems

All Linux kernels that include the FUSE driver and perform synchronous mounts are subject to this issue. No specific kernel version is cited in the advisories, so every release prior to the patch is potentially vulnerable. Systems that deploy custom or older kernels and use synchronous FUSE mounts are at particular risk, regardless of distribution. The bug applies to any scenario where sync init is enabled for a FUSE mount.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score is unavailable while the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker who can cause the FUSE server to receive a fatal signal—such as by sending a kill command or exploiting a crash in the server code—can trigger the hang. The likely attack vector is local or remote access to the server process. Because the condition requires a server crash during sync init and no public exploitation is documented, the likelihood of exploitation is moderate and requires monitoring of vulnerable environments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`dfb84c33079497bf27058b15780e1c7bba4c371b`	affected	< 0c7fca880a40a209a9c92be14143996d14b93ff6
`dfb84c33079497bf27058b15780e1c7bba4c371b`	affected	< 300e812b882a174dca675d8028684001ad5826bc
`dfb84c33079497bf27058b15780e1c7bba4c371b`	affected	< 204aa22a686bfee48daca7db620c1e017615f2ff

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.25`	unaffected	≤ 6.18.*
`7.0.2`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[dfb84c33079497bf27058b15780e1c7bba4c371b,0c7fca880a40a209a9c92be14143996d14b93ff6)`	affected	code_commit	—
`[dfb84c33079497bf27058b15780e1c7bba4c371b,300e812b882a174dca675d8028684001ad5826bc)`	affected	code_commit	—
`[dfb84c33079497bf27058b15780e1c7bba4c371b,204aa22a686bfee48daca7db620c1e017615f2ff)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	generic	—
`[6.18.25,6.19.0)`	unaffected	semver	—
`[7.0.2,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the system to a Linux kernel that contains the FUSE init bug fix or apply the backport patch documented in the kernel commit logs.
If an immediate kernel upgrade is not feasible, avoid using synchronous mounts by disabling sync init or switching to asynchronous mounting options to mitigate the hang condition.
Deploy monitoring or watchdog mechanisms to detect stalled FUSE mounts and automatically clean up or restart the mount process to restore availability.

Generated by OpenCVE AI on May 2, 2026 at 12:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0c7fca880a40a209a9c92be14143996d14b93ff6
https://git.kernel.org/stable/c/204aa22a686bfee48daca7db620c1e017615f2ff
https://git.kernel.org/stable/c/300e812b882a174dca675d8028684001ad5826bc
https://lore.kernel.org/linux-cve-announce/2026050123-CVE-2026-31713-2109@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31713
https://www.cve.org/CVERecord?id=CVE-2026-31713

History

Sat, 02 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-399 CWE-404

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026050123-CVE-2026-31713-2109@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31713 https://www.cve.org/CVERecord?id=CVE-2026-31713
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Sat, 02 May 2026 00:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399 CWE-404

Fri, 01 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.
Title		fuse: abort on fatal signal during sync init
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0c7fca880a40a209a9c92be14143996d14b93ff6 https://git.kernel.org/stable/c/204aa22a686bfee48daca7db620c1e017615f2ff https://git.kernel.org/stable/c/300e812b882a174dca675d8028684001ad5826bc

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T13:56:09.254Z

Updated: 2026-05-01T13:56:09.254Z

Reserved: 2026-03-09T15:48:24.133Z

Link: CVE-2026-31713

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T14:16:21.390

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31713

Redhat

Severity : Low

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31713 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T13:00:06Z

Weaknesses

CWE-911

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object