Description
In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse_notify() pagecache ops on directories

The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the
FUSE daemon to actively write/read pagecache contents.

For directories with FOPEN_CACHE_DIR, the pagecache is used as
kernel-internal cache storage, and userspace is not supposed to have
direct access to this cache - in particular, fuse_parse_cache() will hit
WARN_ON() if the cache contains bogus data.

Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than
regular files with -EINVAL.
Published: 2026-06-25
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The defect resides in the kernel’s FUSE layer, where the operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE can be used to write and read page‑cache data for directories that are meant for kernel‑internal caching. This weakness is a CWE‑266 issue involving improper authorization controls. The kernel’s own page‑cache logic rejects such operations for regular files, but before the patch it was possible for a FUSE daemon to invoke these operations on a directory, leading to the kernel’s WARN_ON being triggered and potentially a panic or memory corruption. Consequently, an attacker who can control or tamper with a FUSE daemon may cause the entire system to become unstable or crash, resulting in a denial of service.

Affected Systems

All Linux kernels that contain the FUSE filesystem and expose the two notify operations are affected. The vulnerability applies across vendor distributions that ship the unpatched kernel, regardless of its release version. Exact version boundaries are not specified; administrators should verify whether their running kernel includes the commit that adds the check rejecting these ops on directories.

Risk and Exploitability

The CVSS score of 7.0 reflects a moderate‑to‑high severity impact focused on availability, not confidentiality or integrity. The EPSS score of <1% indicates a low probability of exploitation in the in the CISA analysis. A likely attack vector is an attacker controlling or compromising a FUSE daemon, which typically requires local system access or elevated privileges. The flaw does not provide a pathway to privilege escalation or arbitrary code execution; it primarily permits a local privileged actor to trigger kernel instability or a panic, effectively denying service to the affected host.

Generated by OpenCVE AI on June 26, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the patch rejecting fuse_notify() page‑cache operations on directories.
  • If a kernel update cannot be applied immediately, avoid using any FUSE mounts that rely on directory page‑cache operations; consider unmounting them or the kernel is patched.
  • Configure monitoring to flag WARN_ON or panic logs associated with FUSE operations and set alerts so that the issue can be detected and remedied before a full system outage occurs.

Generated by OpenCVE AI on June 26, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Fri, 26 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-767

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-767

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.
Title fuse: reject fuse_notify() pagecache ops on directories
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:47.420Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53168

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53168 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T16:30:03Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment