Description
In the Linux kernel, the following vulnerability has been resolved:

fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios

FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios; !uptodate folios
can contain uninitialized data.
Since FUSE_NOTIFY_RETRIEVE is intended to only return data that is already
in the page cache and not wait for data from the FUSE daemon, treat
!uptodate folios as if they weren't present.

This only has security impact on systems that don't enable automatic
zero-initialization of all page allocations via
CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1.
Published: 2026-06-25
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel module FUSE contains a flaw where the FUSE_NOTIFY_RETRIEVE function can read data from folios that are not marked as uptodate. Such folios may contain uninitialized memory, meaning they can expose garbage or potentially sensitive kernel data to user‑space applications. The vulnerability does not directly allow arbitrary code execution but can leak kernel contents, violating confidentiality and potentially aiding further attacks.

Affected Systems

The problem exists in all Linux kernel releases that include the FUSE filesystem driver and do not enable the automatic zero‑initialisation feature. All vendors using a standard Linux kernel configuration (e.g., those distributing a Linux:Linux kernel) are affected. No specific version numbers are listed, so any kernel prior to the patch that lacks CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1 is potentially vulnerable.

Risk and Exploitability

Based on the description, it is inferred that the vulnerability can only be triggered by a local user interacting with the FUSE filesystem, as it operates on the kernel’s page cache and requires access to FUSE_NOTIFY_RETRIEVE. The likely attack vector therefore involves local privilege compromise; there is no publicly documented remote exploitation path. The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog, suggesting low to moderate exploitation probability without a known exploit. The CVSS score is 7.0, indicating moderate severity. Nevertheless, any system that processes FUSE requests with an unchecked folio can inadvertently reveal kernel memory contents, which may aid attackers in building a more sophisticated attack.

Generated by OpenCVE AI on June 26, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Enable CONFIG_INIT_ON_ALLOC_DEFAULT_ON or set init_on_alloc=1 to force zero‑initialisation of all page allocations
  • Rebuild and deploy a kernel that has the above configuration or uses the latest version where the issue is fixed
  • If a patch is not yet available, avoid using uninitialized folios by ensuring FUSE_NOTIFY_RETRIEVE is only called on uptodate buffers; apply the kernel commit that restricts the function to uptodate folios when it becomes available

Generated by OpenCVE AI on June 26, 2026 at 15:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6381-1 linux security update
History

Sat, 04 Jul 2026 12:15:00 +0000


Fri, 26 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-908
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSE_NOTIFY_RETRIEVE is intended to only return data that is already in the page cache and not wait for data from the FUSE daemon, treat !uptodate folios as if they weren't present. This only has security impact on systems that don't enable automatic zero-initialization of all page allocations via CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1.
Title fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-04T11:51:00.957Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53167

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53167 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T15:30:02Z

Weaknesses
  • CWE-908

    Use of Uninitialized Resource