Directory Entry Overflow in Linux Kernel FUSE Implementation
CVE-2026-31694

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-31694?

The Linux kernel's implementation of FUSE is vulnerable to a directory entry overflow due to improper validation of serialized directory entries. Specifically, the function fuse_add_dirent_to_cache() fails to verify whether a directory entry exceeds the maximum allowable size, allowing a malicious FUSE server to craft oversized directory entries. This oversight can lead to memory overflow situations, compromising the integrity of the kernel's memory management. By rejecting oversized directory entries prior to caching them, a more secure approach can effectively mitigate such vulnerabilities, safeguarding system stability and reliability.

Affected Version(s)

Linux 69e34551152a286f827d54dcb5700da6aeaac1fb

Linux 69e34551152a286f827d54dcb5700da6aeaac1fb < 45c05af36311624c1148123caeb011312495d86b

Linux 69e34551152a286f827d54dcb5700da6aeaac1fb < 7de93abfaae1b2dc94da8a07a36421bd073f1d8f

References

https://git.kernel.org/stable/c/d23ad78bfd205eac26766e38b...

https://git.kernel.org/stable/c/45c05af36311624c1148123ca...

https://git.kernel.org/stable/c/7de93abfaae1b2dc94da8a07a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31694 Data

JSON