Linux Kernel Vulnerability in FUSE Dentry Revalidation Process
CVE-2026-53311

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-53311?

The Linux kernel's file system implementation for FUSE has a vulnerability that occurs during the dentry revalidation process. Specifically, the function fuse_dentry_revalidate() can be invoked with a dentry that has not had its ->d_time initialized. This oversight was identified using KMSAN, which reported an issue related to uninitialized values, potentially allowing for erratic behavior during file operations. This vulnerability could lead to unexpected consequences in file handling within the FUSE file system.

Affected Version(s)

Linux 2396356a945bb022aff02656f59c2a45d457043f

Linux 2396356a945bb022aff02656f59c2a45d457043f < 3ac9117ba3deab8a5dd22847355f861686f4bee7

Linux 2396356a945bb022aff02656f59c2a45d457043f < 5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd

References

https://git.kernel.org/stable/c/da3d241c5b925f17a9d8051d7...

https://git.kernel.org/stable/c/3ac9117ba3deab8a5dd228473...

https://git.kernel.org/stable/c/5a6baf204610589f8a5b5a1cd...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53311 Data

JSON