In the Linux kernel, the following vulnerability has been resolved:
fuse: fix uninit-value in fusedentryrevalidate()
fusedentryrevalidate() may be called with a dentry that didn't had ->dtime initialised. The issue was found with KMSAN, where lookupopen() calls __dalloc(), followed by drevalidate(), as shown below:
===================================================== BUG: KMSAN: uninit-value in fusedentryrevalidate+0x150/0x13d0 fs/fuse/dir.c:394 fusedentryrevalidate+0x150/0x13d0 fs/fuse/dir.c:394 drevalidate fs/namei.c:1030 [inline] lookupopen fs/namei.c:4405 [inline] openlastlookups fs/namei.c:4583 [inline] pathopenat+0x1614/0x64c0 fs/namei.c:4827 dofile_open+0x2aa/0x680 fs/namei.c:4859 [...]
Uninit was created at: slabpostallochook mm/slub.c:4466 [inline] slaballocnode mm/slub.c:4788 [inline] kmemcachealloclru_noprof+0x382/0x1280 mm/slub.c:4807 _dalloc+0x55/0xa00 fs/dcache.c:1740 dallocparallel+0x99/0x2740 fs/dcache.c:2604 lookupopen fs/namei.c:4398 [inline] openlastlookups fs/namei.c:4583 [inline] pathopenat+0x135f/0x64c0 fs/namei.c:4827 dofileopen+0x2aa/0x680 fs/namei.c:4859
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53311.json",
"cna_assigner": "Linux"
}