CVE-2026-53168

Source
https://cve.org/CVERecord?id=CVE-2026-53168
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53168.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53168
Downstream
Related
Published
2026-06-25T08:38:47.420Z
Modified
2026-07-08T08:13:45.132441157Z
Summary
fuse: reject fuse_notify() pagecache ops on directories
Details

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse_notify() pagecache ops on directories

The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents.

For directories with FOPENCACHEDIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuseparsecache() will hit WARN_ON() if the cache contains bogus data.

Reject FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE on anything other than regular files with -EINVAL.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53168.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0
Fixed
15487f98863dc7156ed43c5be26d478beb82ba35
Fixed
bd23fa0c16c5c86e5b7713224ffbb87d9db81cca
Fixed
9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6
Fixed
dd92773d4d9cea010474eb08a5133c14ff6ab53a
Fixed
99c317d7f8b7bbf3de16d20a01f363e390114cea
Fixed
12df4cfa738aefff21756728e91056d7defb0fe6
Fixed
e692f0cb86204dcdb9dddc0b355407eda6394a67
Fixed
9c954499d43aefac01c5dfb57a82b13d2dcf4b94

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53168.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53168.json"