5 matches found
CVE-2026-33150
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...
CVE-2026-33150 Use After Free in libfuse
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...
CVE-2026-33150
CVE-2026-33150 affects libfuse: the io_uring subsystem vulnerability exists from 3.18.0 up to just before 3.18.2. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool but stores a dangling pointer in the session state, caus...
EUVD-2026-13786
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...
PT-2026-26675
Name of the Vulnerable Software and Affected Versions libfuse versions 3.18.0 through 3.18.1 Description libfuse, the reference implementation of the Linux FUSE, contains a flaw in its io uring subsystem. A use-after-free condition exists from versions 3.18.0 up to, but not including, 3.18.2. Thi...