PT-2026-26679 · Libfuse · Libfuse

Published: 2026-03-20 · Updated: 2026-03-20 · CVE-2026-33179

CVSS v3.1: 5.5 Medium (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

libfuse is the reference implementation of the Linux FUSE (Filesystem in Userspace) interface. In versions from 3.18.0 up to, but not including, 3.18.2, a NULL pointer dereference and a memory leak in fuse_uring_init_queue allow a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, the NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not. A PoC was confirmed with AddressSanitizer/LeakSanitizer. The issue is patched in version 3.18.2.
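
The error handling that the description says was missing, as an added example (this is not libfuse code and not the 3.18.2 patch). The names ent_alloc, queue_register, struct queue and the buffer sizes are hypothetical: ent_alloc stands in for numa_alloc_local and queue_register for the registration step, both with fault injection so the failure paths can be exercised.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins (not libfuse code) with fault injection. */
#define DEPTH 4
static int live_allocs, alloc_calls, fail_alloc_at = -1, fail_register;
static void *ent_alloc(size_t sz) {
    void *p = (alloc_calls++ == fail_alloc_at) ? NULL : calloc(1, sz);
    if (p) live_allocs++;
    return p;
}
static void ent_free(void *p) { if (p) { free(p); live_allocs--; } }
static int queue_register(void) { return fail_register ? -EINVAL : 0; }
struct queue { struct { void *hdr, *payload; } ents[DEPTH]; };
static void queue_release(struct queue *q) {
    for (int i = 0; i < DEPTH; i++) {
        ent_free(q->ents[i].hdr);
        ent_free(q->ents[i].payload);
        q->ents[i].hdr = q->ents[i].payload = NULL;
    }
}

/* Checked init: a failed allocation or a failed registration unwinds all
 * earlier allocations and returns a negative errno, never 0. */
static int queue_init(struct queue *q) {
    for (int i = 0; i < DEPTH; i++) q->ents[i].hdr = q->ents[i].payload = NULL;
    for (int i = 0; i < DEPTH; i++) {
        q->ents[i].hdr = ent_alloc(64);
        q->ents[i].payload = ent_alloc(256);
        if (!q->ents[i].hdr || !q->ents[i].payload) {
            queue_release(q);
            return -ENOMEM;
        }
    }
    int res = queue_register();
    if (res != 0) queue_release(q);   /* do not leak, do not report success */
    return res;
}

/* One scenario: fail allocation number fail_at (-1 = none) and/or registration. */
static int run_case(int fail_at, int fail_reg, struct queue *q) {
    alloc_calls = 0; fail_alloc_at = fail_at; fail_register = fail_reg;
    return queue_init(q);
}
int main(void) {
    struct queue q;
    int a = run_case(3, 0, &q), b = run_case(-1, 1, &q);
    printf("alloc fail=%d register fail=%d live=%d\n", a, b, live_allocs);
    return 0;
}
```

Building this with -fsanitize=address,leak exercises both failure paths under the same sanitizers the advisory names for its PoC.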

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers: CVE-2026-33179

Affected Products: Libfuse