CVE-2026-30656 | THREATINT

Description

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.

PUBLISHED Reserved 2026-03-04 | Published 2026-04-16 | Updated 2026-04-16 | Assigner mitre

References

github.com/axboe/fio/issues/2055

gist.github.com/Criticayon/eb5e69163bfa4ce684e62ed5c939b76e

cve.org (CVE-2026-30656)

nvd.nist.gov (CVE-2026-30656)

Download JSON