PT-2026-42400 · Fusefs · Fusefs
Joshua Rogers
·
Published
2026-05-21
·
Updated
2026-05-21
·
CVE-2026-45252
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
fusefs (affected versions not specified)
Description
When a fusefs file system implements extended attributes, the kernel may send a FUSE LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module uses the
strlen() function on this buffer without verifying that the list is NUL-terminated. A malicious daemon can send a non-NUL-terminated list, causing the kernel module to read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. This can lead to the disclosure of up to 253 bytes of kernel heap memory or the injection of up to 250 attacker-controlled bytes into unallocated kernel heap space.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fusefs