Home

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-25 | Updated 2026-06-25 | Assigner Linux

Product status

Default status
unaffected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before 15487f98863dc7156ed43c5be26d478beb82ba35
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before bd23fa0c16c5c86e5b7713224ffbb87d9db81cca
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before 9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before dd92773d4d9cea010474eb08a5133c14ff6ab53a
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before 99c317d7f8b7bbf3de16d20a01f363e390114cea
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before 12df4cfa738aefff21756728e91056d7defb0fe6
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before e692f0cb86204dcdb9dddc0b355407eda6394a67
affected

5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0 (git) before 9c954499d43aefac01c5dfb57a82b13d2dcf4b94
affected

Default status
affected

4.20
affected

Any version before 4.20
unaffected

5.10.259 (semver)
unaffected

5.15.210 (semver)
unaffected

6.1.176 (semver)
unaffected

6.6.143 (semver)
unaffected

6.12.94 (semver)
unaffected

6.18.36 (semver)
unaffected

7.0.13 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/15487f98863dc7156ed43c5be26d478beb82ba35

git.kernel.org/...c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca

git.kernel.org/...c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6

git.kernel.org/...c/dd92773d4d9cea010474eb08a5133c14ff6ab53a

git.kernel.org/...c/99c317d7f8b7bbf3de16d20a01f363e390114cea

git.kernel.org/...c/12df4cfa738aefff21756728e91056d7defb0fe6

git.kernel.org/...c/e692f0cb86204dcdb9dddc0b355407eda6394a67

git.kernel.org/...c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94

cve.org (CVE-2026-53168)

nvd.nist.gov (CVE-2026-53168)

Download JSON