Description
In the Linux kernel, the following vulnerability has been resolved:

fuse: fix uninit-value in fuse_dentry_revalidate()

fuse_dentry_revalidate() may be called with a dentry that didn't had
->d_time initialised. The issue was found with KMSAN, where lookup_open()
calls __d_alloc(), followed by d_revalidate(), as shown below:

=====================================================
BUG: KMSAN: uninit-value in fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394
fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394
d_revalidate fs/namei.c:1030 [inline]
lookup_open fs/namei.c:4405 [inline]
open_last_lookups fs/namei.c:4583 [inline]
path_openat+0x1614/0x64c0 fs/namei.c:4827
do_file_open+0x2aa/0x680 fs/namei.c:4859
[...]

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4466 [inline]
slab_alloc_node mm/slub.c:4788 [inline]
kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4807
__d_alloc+0x55/0xa00 fs/dcache.c:1740
d_alloc_parallel+0x99/0x2740 fs/dcache.c:2604
lookup_open fs/namei.c:4398 [inline]
open_last_lookups fs/namei.c:4583 [inline]
path_openat+0x135f/0x64c0 fs/namei.c:4827
do_file_open+0x2aa/0x680 fs/namei.c:4859
[...]
=====================================================
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the function fuse_dentry_revalidate() may read an uninitialized element of a dentry structure. Because the d_time field can be stale or garbage when a dentry is freshly allocated, the kernel may process invalid data during directory entry validation. This uninitialized read can potentially leak internal kernel memory or trigger undefined kernel behavior, such as a crash, which may jeopardize system stability or allow secret data disclosure. The description does not indicate that the flaw directly permits code execution, but information leakage and destabilization can be significant in a privileged environment.

Affected Systems

Any Linux kernel distribution running a version that does not incorporate the recent fix will be affected. The corresponding commit identifiers are 3ac9117ba3deab8a5dd22847355f861686f4bee7, 5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd, and da3d241c5b925f17a9d8051d7a9e0d454d8e01f6, which are present in the upstream kernel's latest stable releases. Users should consult their distribution’s kernel changelog to determine whether the fix is included early in their release cycle.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is <1%, and the vulnerability is not listed in the CISA KEV catalog. The vulnerability requires that the attacker can trigger fuse_dentry_revalidate, which occurs during normal FUSE filesystem operations such as opening a path. Therefore the risk vector is local or limited to users who can mount or access a FUSE filesystem. An attacker with sufficient local privileges could exploit the flaw to read kernel memory or force a fault, but the mechanism does not appear to enable remote code execution directly. The likelihood of exploitation remains uncertain until a demonstrable exploit emerges.

Generated by OpenCVE AI on June 29, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fuse_dentry_revalidate fix (commits 3ac9117ba3deab8a5dd22847355f861686f4bee7, 5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd, and da3d241c5b925f17a9d8051d7a9e0d454d8e01f6).
  • If a kernel update is not immediately possible, disable unnecessary FUSE mounts or restrict FUSE usage to trusted users to limit the exposure of the bug.
  • Follow vendor backport patches or await distribution‑specific kernel releases that incorporate the fix.

Generated by OpenCVE AI on June 29, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-234

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-908
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 26 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-234

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fuse_dentry_revalidate() fuse_dentry_revalidate() may be called with a dentry that didn't had ->d_time initialised. The issue was found with KMSAN, where lookup_open() calls __d_alloc(), followed by d_revalidate(), as shown below: ===================================================== BUG: KMSAN: uninit-value in fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394 fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394 d_revalidate fs/namei.c:1030 [inline] lookup_open fs/namei.c:4405 [inline] open_last_lookups fs/namei.c:4583 [inline] path_openat+0x1614/0x64c0 fs/namei.c:4827 do_file_open+0x2aa/0x680 fs/namei.c:4859 [...] Uninit was created at: slab_post_alloc_hook mm/slub.c:4466 [inline] slab_alloc_node mm/slub.c:4788 [inline] kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4807 __d_alloc+0x55/0xa00 fs/dcache.c:1740 d_alloc_parallel+0x99/0x2740 fs/dcache.c:2604 lookup_open fs/namei.c:4398 [inline] open_last_lookups fs/namei.c:4583 [inline] path_openat+0x135f/0x64c0 fs/namei.c:4827 do_file_open+0x2aa/0x680 fs/namei.c:4859 [...] =====================================================
Title fuse: fix uninit-value in fuse_dentry_revalidate()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:04.890Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53311

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53311 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T15:30:05Z

Weaknesses
  • CWE-908

    Use of Uninitialized Resource