{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53167", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.389Z", "datePublished": "2026-06-25T08:38:46.751Z", "dateUpdated": "2026-06-25T08:38:46.751Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-25T08:38:46.751Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios\n\nFUSE_NOTIFY_RETRIEVE must be limited to uptodate folios; !uptodate folios\ncan contain uninitialized data.\nSince FUSE_NOTIFY_RETRIEVE is intended to only return data that is already\nin the page cache and not wait for data from the FUSE daemon, treat\n!uptodate folios as if they weren't present.\n\nThis only has security impact on systems that don't enable automatic\nzero-initialization of all page allocations via\nCONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/dev.c"], "versions": [{"version": "2d45ba381a74a743eeaa2b06c7c5c0d2bf73ba1a", "lessThan": "56763afa013444a9d84ca1b74e4b7130942177ba", "status": "affected", "versionType": "git"}, {"version": "2d45ba381a74a743eeaa2b06c7c5c0d2bf73ba1a", "lessThan": "1fb8735a3a4d894f8c1f90b741a3ab1d3817f9bd", "status": "affected", "versionType": "git"}, {"version": "2d45ba381a74a743eeaa2b06c7c5c0d2bf73ba1a", "lessThan": "4e3d1b2c48ca6c55f1e9ca7f8dccc76f120f276c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/dev.c"], "versions": [{"version": "2.6.36", "status": "affected"}, {"version": "0", "lessThan": "2.6.36", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.36", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.36", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.36", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/56763afa013444a9d84ca1b74e4b7130942177ba"}, {"url": "https://git.kernel.org/stable/c/1fb8735a3a4d894f8c1f90b741a3ab1d3817f9bd"}, {"url": "https://git.kernel.org/stable/c/4e3d1b2c48ca6c55f1e9ca7f8dccc76f120f276c"}], "title": "fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{}

{}