Skip to main content

Linux Kernel CVE-2026-53311

| EUVDEUVD-2026-39846 MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-06-26 Linux GHSA-32q2-cq6r-mpm8
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access and low-privilege user required to trigger FUSE path; only availability impact confirmed, no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:34 vuln.today
CVSS changed
Jul 06, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 26, 2026 - 19:41 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix uninit-value in fuse_dentry_revalidate()

fuse_dentry_revalidate() may be called with a dentry that didn't had ->d_time initialised. The issue was found with KMSAN, where lookup_open() calls __d_alloc(), followed by d_revalidate(), as shown below:

============= BUG: KMSAN: uninit-value in fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394 fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394 d_revalidate fs/namei.c:1030 [inline] lookup_open fs/namei.c:4405 [inline] open_last_lookups fs/namei.c:4583 [inline] path_openat+0x1614/0x64c0 fs/namei.c:4827 do_file_open+0x2aa/0x680 fs/namei.c:4859 [...]

Uninit was created at: slab_post_alloc_hook mm/slub.c:4466 [inline] slab_alloc_node mm/slub.c:4788 [inline] kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4807 __d_alloc+0x55/0xa00 fs/dcache.c:1740 d_alloc_parallel+0x99/0x2740 fs/dcache.c:2604 lookup_open fs/namei.c:4398 [inline] open_last_lookups fs/namei.c:4583 [inline] path_openat+0x135f/0x64c0 fs/namei.c:4827 do_file_open+0x2aa/0x680 fs/namei.c:4859 [...] =============

AnalysisAI

Uninitialized memory read in the Linux kernel FUSE filesystem driver causes local denial-of-service conditions. Specifically, fuse_dentry_revalidate() in fs/fuse/dir.c reads the ->d_time field of a dentry that was allocated by __d_alloc() without initialization, detectable by KMSAN as a use-before-initialize defect. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user session
Delivery
Mount or access FUSE filesystem
Exploit
Open file triggering lookup_open
Execution
__d_alloc creates uninitialized dentry
Persist
fuse_dentry_revalidate reads uninit d_time
Impact
Kernel panic causes system crash

Vulnerability AssessmentAI

Exploitation Exploitation requires local authenticated access (CVSS PR:L) to a system running an affected kernel version. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H accurately reflects local, low-complexity exploitation with high availability impact and no confidentiality or integrity consequence - consistent with a kernel crash triggered by an authenticated local user. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on a Linux system running an affected kernel mounts a FUSE filesystem using a userspace program (e.g., sshfs, bindfs, or a custom FUSE implementation). The user then opens a file within that mount, triggering `lookup_open()` in the kernel's VFS layer, which allocates an uninitialized dentry and immediately passes it to `fuse_dentry_revalidate()`. …
Remediation The primary fix is to update to a patched Linux kernel version: 7.0.10 or later in the 7.0.x series, 6.18.34 or later in the 6.18.x series, or 7.1 and later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53311 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy