CVE-2026-53311

In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fuse_dentry_revalidate() fuse_dentry_revalidate() may be called with a dentry that didn't had ->d_time initialised. The issue was found with KMSAN, where lookup_open() calls __d_alloc(), followed by d_revalidate(), as shown below: ===================================================== BUG: KMSAN: uninit-value in fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394 fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394 d_revalidate fs/namei.c:1030 [inline] lookup_open fs/namei.c:4405 [inline] open_last_lookups fs/namei.c:4583 [inline] path_openat+0x1614/0x64c0 fs/namei.c:4827 do_file_open+0x2aa/0x680 fs/namei.c:4859 [...] Uninit was created at: slab_post_alloc_hook mm/slub.c:4466 [inline] slab_alloc_node mm/slub.c:4788 [inline] kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4807 __d_alloc+0x55/0xa00 fs/dcache.c:1740 d_alloc_parallel+0x99/0x2740 fs/dcache.c:2604 lookup_open fs/namei.c:4398 [inline] open_last_lookups fs/namei.c:4583 [inline] path_openat+0x135f/0x64c0 fs/namei.c:4827 do_file_open+0x2aa/0x680 fs/namei.c:4859 [...] =====================================================
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

06 Jul 2026, 20:14

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/3ac9117ba3deab8a5dd22847355f861686f4bee7 - () https://git.kernel.org/stable/c/3ac9117ba3deab8a5dd22847355f861686f4bee7 - Patch
References () https://git.kernel.org/stable/c/5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd - () https://git.kernel.org/stable/c/5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd - Patch
References () https://git.kernel.org/stable/c/da3d241c5b925f17a9d8051d7a9e0d454d8e01f6 - () https://git.kernel.org/stable/c/da3d241c5b925f17a9d8051d7a9e0d454d8e01f6 - Patch
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-908

26 Jun 2026, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-26 20:17

Updated : 2026-07-06 20:14


NVD link : CVE-2026-53311

Mitre link : CVE-2026-53311

CVE.ORG link : CVE-2026-53311


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-908

Use of Uninitialized Resource