Impact
The Linux kernel module FUSE contains a flaw where the FUSE_NOTIFY_RETRIEVE function can read data from folios that are not marked as uptodate. Such folios may contain uninitialized memory, meaning they can expose garbage or potentially sensitive kernel data to user‑space applications. The vulnerability does not directly allow arbitrary code execution but can leak kernel contents, violating confidentiality and potentially aiding further attacks.
Affected Systems
The problem exists in all Linux kernel releases that include the FUSE filesystem driver and do not enable the automatic zero‑initialisation feature. All vendors using a standard Linux kernel configuration (e.g., those distributing a Linux:Linux kernel) are affected. No specific version numbers are listed, so any kernel prior to the patch that lacks CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1 is potentially vulnerable.
Risk and Exploitability
Based on the description, it is inferred that the vulnerability can only be triggered by a local user interacting with the FUSE filesystem, as it operates on the kernel’s page cache and requires access to FUSE_NOTIFY_RETRIEVE. The likely attack vector therefore involves local privilege compromise; there is no publicly documented remote exploitation path. The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog, suggesting low to moderate exploitation probability without a known exploit. The CVSS score is 7.0, indicating moderate severity. Nevertheless, any system that processes FUSE requests with an unchecked folio can inadvertently reveal kernel memory contents, which may aid attackers in building a more sophisticated attack.
OpenCVE Enrichment
Debian DSA