CVE-2026-53311

Source
https://cve.org/CVERecord?id=CVE-2026-53311
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53311.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53311
Downstream
Published
2026-06-26T19:41:04.890Z
Modified
2026-07-08T08:09:46.112651024Z
Summary
fuse: fix uninit-value in fuse_dentry_revalidate()
Details

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix uninit-value in fusedentryrevalidate()

fusedentryrevalidate() may be called with a dentry that didn't had ->dtime initialised. The issue was found with KMSAN, where lookupopen() calls __dalloc(), followed by drevalidate(), as shown below:

===================================================== BUG: KMSAN: uninit-value in fusedentryrevalidate+0x150/0x13d0 fs/fuse/dir.c:394 fusedentryrevalidate+0x150/0x13d0 fs/fuse/dir.c:394 drevalidate fs/namei.c:1030 [inline] lookupopen fs/namei.c:4405 [inline] openlastlookups fs/namei.c:4583 [inline] pathopenat+0x1614/0x64c0 fs/namei.c:4827 dofile_open+0x2aa/0x680 fs/namei.c:4859 [...]

Uninit was created at: slabpostallochook mm/slub.c:4466 [inline] slaballocnode mm/slub.c:4788 [inline] kmemcachealloclru_noprof+0x382/0x1280 mm/slub.c:4807 _dalloc+0x55/0xa00 fs/dcache.c:1740 dallocparallel+0x99/0x2740 fs/dcache.c:2604 lookupopen fs/namei.c:4398 [inline] openlastlookups fs/namei.c:4583 [inline] pathopenat+0x135f/0x64c0 fs/namei.c:4827 dofileopen+0x2aa/0x680 fs/namei.c:4859

[...]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53311.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2396356a945bb022aff02656f59c2a45d457043f
Fixed
da3d241c5b925f17a9d8051d7a9e0d454d8e01f6
Fixed
3ac9117ba3deab8a5dd22847355f861686f4bee7
Fixed
5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53311.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.18.34
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53311.json"