CVE-2026-53311
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
fuse: fix uninit-value in fuse_dentry_revalidate()<br />
<br />
fuse_dentry_revalidate() may be called with a dentry that didn&#39;t had<br />
->d_time initialised. The issue was found with KMSAN, where lookup_open()<br />
calls __d_alloc(), followed by d_revalidate(), as shown below:<br />
<br />
=====================================================<br />
BUG: KMSAN: uninit-value in fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394<br />
fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394<br />
d_revalidate fs/namei.c:1030 [inline]<br />
lookup_open fs/namei.c:4405 [inline]<br />
open_last_lookups fs/namei.c:4583 [inline]<br />
path_openat+0x1614/0x64c0 fs/namei.c:4827<br />
do_file_open+0x2aa/0x680 fs/namei.c:4859<br />
[...]<br />
<br />
Uninit was created at:<br />
slab_post_alloc_hook mm/slub.c:4466 [inline]<br />
slab_alloc_node mm/slub.c:4788 [inline]<br />
kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4807<br />
__d_alloc+0x55/0xa00 fs/dcache.c:1740<br />
d_alloc_parallel+0x99/0x2740 fs/dcache.c:2604<br />
lookup_open fs/namei.c:4398 [inline]<br />
open_last_lookups fs/namei.c:4583 [inline]<br />
path_openat+0x135f/0x64c0 fs/namei.c:4827<br />
do_file_open+0x2aa/0x680 fs/namei.c:4859<br />
[...]<br />
=====================================================



