Home

Description

In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context where the kernel's internal file_kattr structure is initialized before calling vfs_fileattr_get(), we should use the same mechanism when using fa. [1] BUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 vfs_fileattr_get fs/file_attr.c:94 [inline] __do_sys_file_getattr fs/file_attr.c:416 [inline] Local variable fa.i created at: __do_sys_file_getattr fs/file_attr.c:380 [inline] __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372

PUBLISHED Reserved 2026-05-01 | Published 2026-05-08 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

be7efb2d20d67f334a7de2aef77ae6c69367e646 (git) before 379e19e820dd1c6145426b97467728b3b89c0b42
affected

be7efb2d20d67f334a7de2aef77ae6c69367e646 (git) before b8c182b2c8c44c6016b11d8af61715ad7ef958a1
affected

be7efb2d20d67f334a7de2aef77ae6c69367e646 (git) before cb184dd19154fc486fa3d9e02afe70a97e54e055
affected

Default status
affected

6.17
affected

Any version before 6.17
unaffected

6.18.19 (semver)
unaffected

6.19.9 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/379e19e820dd1c6145426b97467728b3b89c0b42

git.kernel.org/...c/b8c182b2c8c44c6016b11d8af61715ad7ef958a1

git.kernel.org/...c/cb184dd19154fc486fa3d9e02afe70a97e54e055

cve.org (CVE-2026-43474)

nvd.nist.gov (CVE-2026-43474)

Download JSON