CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/libfuse/libfuse/commit/7beb86c09b6ec5aab14dc25256ed8a5ad18554d7	Patch
https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2	Product Release Notes
https://github.com/libfuse/libfuse/security/advisories/GHSA-x669-v3mq-r358	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libfuse_project:libfuse:*:*:*:*:*:*:*:*

History

27 Mar 2026, 21:20

Type	Values Removed	Values Added
CPE		cpe:2.3:a:libfuse_project:libfuse::::::::
First Time		Libfuse Project Libfuse Project libfuse
References	~~() https://github.com/libfuse/libfuse/commit/7beb86c09b6ec5aab14dc25256ed8a5ad18554d7 -~~	() https://github.com/libfuse/libfuse/commit/7beb86c09b6ec5aab14dc25256ed8a5ad18554d7 - Patch
References	~~() https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2 -~~	() https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2 - Product, Release Notes
References	~~() https://github.com/libfuse/libfuse/security/advisories/GHSA-x669-v3mq-r358 -~~	() https://github.com/libfuse/libfuse/security/advisories/GHSA-x669-v3mq-r358 - Vendor Advisory
Summary		(es) libfuse es la implementación de referencia de FUSE de Linux. Desde la versión 3.18.0 hasta antes de la versión 3.18.2, una desreferencia de puntero NULL y una fuga de memoria en fuse_uring_init_queue permiten a un usuario local bloquear el demonio FUSE o causar agotamiento de recursos. Cuando numa_alloc_local falla durante la configuración de la entrada de la cola io_uring, el código procede con punteros NULL. Cuando fuse_uring_register_queue falla, las asignaciones NUMA se filtran y la función devuelve éxito incorrectamente. Solo el transporte io_uring se ve afectado; la ruta tradicional /dev/fuse no se ve afectada. PoC confirmado con AddressSanitizer/LeakSanitizer. Este problema ha sido parcheado en la versión 3.18.2.

20 Mar 2026, 21:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-20 21:17

Updated : 2026-03-27 21:20

NVD link : CVE-2026-33179

Mitre link : CVE-2026-33179

CVE.ORG link : CVE-2026-33179

JSON object : View

Products Affected

libfuse_project

libfuse

CWE

CWE-476

NULL Pointer Dereference

5.5 /10