CVE-2026-53168 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00176.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/12df4cfa738aefff21756728e91056d7defb0fe6
https://git.kernel.org/stable/c/15487f98863dc7156ed43c5be26d478beb82ba35
https://git.kernel.org/stable/c/99c317d7f8b7bbf3de16d20a01f363e390114cea
https://git.kernel.org/stable/c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94
https://git.kernel.org/stable/c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6
https://git.kernel.org/stable/c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca
https://git.kernel.org/stable/c/dd92773d4d9cea010474eb08a5133c14ff6ab53a
https://git.kernel.org/stable/c/e692f0cb86204dcdb9dddc0b355407eda6394a67

History

Thu, 25 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-767

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.
Title		fuse: reject fuse_notify() pagecache ops on directories
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/12df4cfa738aefff21756728e91056d7defb0fe6 https://git.kernel.org/stable/c/15487f98863dc7156ed43c5be26d478beb82ba35 https://git.kernel.org/stable/c/99c317d7f8b7bbf3de16d20a01f363e390114cea https://git.kernel.org/stable/c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94 https://git.kernel.org/stable/c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6 https://git.kernel.org/stable/c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca https://git.kernel.org/stable/c/dd92773d4d9cea010474eb08a5133c14ff6ab53a https://git.kernel.org/stable/c/e692f0cb86204dcdb9dddc0b355407eda6394a67

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:38:47.420Z

Updated: 2026-06-25T08:38:47.420Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53168

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T15:00:05Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object