CVE-2026-43474 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context where the kernel's internal file_kattr structure is initialized before calling vfs_fileattr_get(), we should use the same mechanism when using fa. [1] BUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 vfs_fileattr_get fs/file_attr.c:94 [inline] __do_sys_file_getattr fs/file_attr.c:416 [inline] Local variable fa.i created at: __do_sys_file_getattr fs/file_attr.c:380 [inline] __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372

PUBLISHED Reserved 2026-05-01 | Published 2026-05-08 | Updated 2026-05-08 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 379e19e820dd1c6145426b97467728b3b89c0b42

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b8c182b2c8c44c6016b11d8af61715ad7ef958a1

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before cb184dd19154fc486fa3d9e02afe70a97e54e055

affected

Default status

affected

6.18.19 (semver)

unaffected

6.19.9 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/379e19e820dd1c6145426b97467728b3b89c0b42

git.kernel.org/...c/b8c182b2c8c44c6016b11d8af61715ad7ef958a1

git.kernel.org/...c/cb184dd19154fc486fa3d9e02afe70a97e54e055

cve.org (CVE-2026-43474)

nvd.nist.gov (CVE-2026-43474)

Download JSON