PT-2026-52264 · Linux · Linux
Published
2026-06-25
·
Updated
2026-06-25
·
CVE-2026-53168
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject fuse notify() pagecache ops on directories
The operations FUSE NOTIFY STORE and FUSE NOTIFY RETRIEVE allow the
FUSE daemon to actively write/read pagecache contents.
For directories with FOPEN CACHE DIR, the pagecache is used as
kernel-internal cache storage, and userspace is not supposed to have
direct access to this cache - in particular, fuse parse cache() will hit
WARN ON() if the cache contains bogus data.
Reject FUSE NOTIFY STORE and FUSE NOTIFY RETRIEVE on anything other than
regular files with -EINVAL.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux