FUSE synchronization issue in Linux Kernel affecting filesystem creation
CVE-2026-31713

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-31713?

A vulnerability in the Linux kernel relates to the FUSE (Filesystem in Userspace) mechanism, where the process can hang during filesystem creation. This occurs if a fatal signal interrupts the server during the FUSE_INIT phase. The design flaw permits the mounting thread to retain the device file descriptor, inhibiting an abort process. This behavior is a regression from previous implementations where mounting took place asynchronously, avoiding the recursive system call that locks the file descriptor during errors or crashes.

Affected Version(s)

Linux dfb84c33079497bf27058b15780e1c7bba4c371b < 0c7fca880a40a209a9c92be14143996d14b93ff6

Linux dfb84c33079497bf27058b15780e1c7bba4c371b < 300e812b882a174dca675d8028684001ad5826bc

Linux dfb84c33079497bf27058b15780e1c7bba4c371b < 204aa22a686bfee48daca7db620c1e017615f2ff

References

https://git.kernel.org/stable/c/0c7fca880a40a209a9c92be14...

https://git.kernel.org/stable/c/300e812b882a174dca675d802...

https://git.kernel.org/stable/c/204aa22a686bfee48daca7db6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31713 Data

JSON