239 matches found
SUSE CVE-2026-53311
In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fusedentryrevalidate fusedentryrevalidate may be called with a dentry that didn't had -dtime initialised. The issue was found with KMSAN, where lookupopen calls dalloc, followed by drevalidate, as shown...
CVE-2026-53311
In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fusedentryrevalidate fusedentryrevalidate may be called with a dentry that didn't had -dtime initialised. The issue was found with KMSAN, where lookupopen calls dalloc, followed by drevalidate, as shown...
SUSE-SU-2026:22421-1 Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
Astra Linux – Vulnerability in Linux
A issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, also known as CID-5d069dbe8aaf. The fusedogetattr function calls makebadinode in inappropriate situations, causing a system crash. NOTE: The original fix for this vulnerability was incomplete, and its...
EUVD-2026-31254
When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free flaw was discovered in the Linux kernel’s FUSE filesystem, where a user triggers the write function. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fuse: fixed the runtime warning in truncatefoliobatchexceptionals The WARNONONCE flag was introduced in truncatefoliobatchexceptionals to determine whether the filesystem has removed all DAX entries. This fix has been applied ...
fuse: reject oversized dirents in page cache
...
CVE-2026-31694
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
CVE-2026-31465
In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SBINODATAINTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set, sy...
CVE-2026-31465 writeback: don't block sync for filesystems with no data integrity guarantees
In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SBINODATAINTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set, sy...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000688)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000688 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mountin...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003603)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003603 advisory. The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003029)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003029 advisory. A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001952)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001952 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mountin...
CVE-2025-68805
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
PT-2026-6179
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s fs/writeback functionality, specifically within the wait sb inodes function. The issue involves skipping AS NO DATA INTEGRITY mappings, which can caus...
Linux Distros Unpatched Vulnerability : CVE-2025-40220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file,...
EUVD-2016-3926
Malware in sbrugna...
EUVD-2020-23861
Malware in sbrugna...