GHSA-r29v-cgxr-pghgMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify()...

Published
June 25, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse_notify() pagecache ops on directories

The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents.

For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data.

Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.

🔗 References (10)