CVE-2026-43474

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An uninitialized value bug exists where flags valid is not initialized before the vfs fileattr get() function is called. This issue occurs because the fa variable is not handled with the same initialization mechanism as the internal file kattr structure, potentially leading to instability in filesystem handlers, including those used in WSL and Azure containers. The issue was identified via a KMSAN report involving the fuse fileattr get() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.