CVE-2026-53168

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse notify() pagecache ops on directories

The operations FUSE NOTIFY STORE and FUSE NOTIFY RETRIEVE allow the FUSE daemon to actively write/read pagecache contents.

For directories with FOPEN CACHE DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse parse cache() will hit WARN ON() if the cache contains bogus data.

Reject FUSE NOTIFY STORE and FUSE NOTIFY RETRIEVE on anything other than regular files with -EINVAL.