CVE-2026-53168 - Vulnerability Details

- fuse: reject fuse_notify() pagecache ops on directories

Description

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse_notify() pagecache ops on directories

The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the
FUSE daemon to actively write/read pagecache contents.

For directories with FOPEN_CACHE_DIR, the pagecache is used as
kernel-internal cache storage, and userspace is not supposed to have
direct access to this cache - in particular, fuse_parse_cache() will hit
WARN_ON() if the cache contains bogus data.

Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than
regular files with -EINVAL.

Published: 2026-06-25

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< 15487f98863dc7156ed43c5be26d478beb82ba35
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< bd23fa0c16c5c86e5b7713224ffbb87d9db81cca
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< 9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< dd92773d4d9cea010474eb08a5133c14ff6ab53a
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< 99c317d7f8b7bbf3de16d20a01f363e390114cea
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< 12df4cfa738aefff21756728e91056d7defb0fe6
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< e692f0cb86204dcdb9dddc0b355407eda6394a67
`5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0`	affected	< 9c954499d43aefac01c5dfb57a82b13d2dcf4b94

Linux

affected

Version	Status	Constraints
`4.20`	affected	—
`0`	unaffected	< 4.20
`5.10.259`	unaffected	≤ 5.10.*
`5.15.210`	unaffected	≤ 5.15.*
`6.1.176`	unaffected	≤ 6.1.*
`6.6.143`	unaffected	≤ 6.6.*
`6.12.94`	unaffected	≤ 6.12.*
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0,15487f98863dc7156ed43c5be26d478beb82ba35)`	affected	code_commit	—
`[15487f98863dc7156ed43c5be26d478beb82ba35,bd23fa0c16c5c86e5b7713224ffbb87d9db81cca)`	affected	code_commit	—
`[bd23fa0c16c5c86e5b7713224ffbb87d9db81cca,9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6)`	affected	code_commit	—
`[9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6,dd92773d4d9cea010474eb08a5133c14ff6ab53a)`	affected	code_commit	—
`[dd92773d4d9cea010474eb08a5133c14ff6ab53a,99c317d7f8b7bbf3de16d20a01f363e390114cea)`	affected	code_commit	—
`[99c317d7f8b7bbf3de16d20a01f363e390114cea,12df4cfa738aefff21756728e91056d7defb0fe6)`	affected	code_commit	—
`[12df4cfa738aefff21756728e91056d7defb0fe6,e692f0cb86204dcdb9dddc0b355407eda6394a67)`	affected	code_commit	—
`[e692f0cb86204dcdb9dddc0b355407eda6394a67,9c954499d43aefac01c5dfb57a82b13d2dcf4b94)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4.20,4.20]`	affected	generic	—
`[0,4.20)`	unaffected	generic	—
`[5.10.259,5.11.0)`	unaffected	semver	—
`[5.15.210,5.16.0)`	unaffected	semver	—
`[6.1.176,6.2.0)`	unaffected	semver	—
`[6.6.143,6.7.0)`	unaffected	semver	—
`[6.12.94,6.13.0)`	unaffected	semver	—
`[6.18.36,6.19.0)`	unaffected	semver	—
`[7.0.13,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00176.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/12df4cfa738aefff21756728e91056d7defb0fe6
https://git.kernel.org/stable/c/15487f98863dc7156ed43c5be26d478beb82ba35
https://git.kernel.org/stable/c/99c317d7f8b7bbf3de16d20a01f363e390114cea
https://git.kernel.org/stable/c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94
https://git.kernel.org/stable/c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6
https://git.kernel.org/stable/c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca
https://git.kernel.org/stable/c/dd92773d4d9cea010474eb08a5133c14ff6ab53a
https://git.kernel.org/stable/c/e692f0cb86204dcdb9dddc0b355407eda6394a67
https://lore.kernel.org/linux-cve-announce/2026062551-CVE-2026-53168-7097@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53168
https://www.cve.org/CVERecord?id=CVE-2026-53168

History

Fri, 26 Jun 2026 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-767

Fri, 26 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-266
References		https://lore.kernel.org/linux-cve-announce/2026062551-CVE-2026-53168-7097@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53168 https://www.cve.org/CVERecord?id=CVE-2026-53168
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Thu, 25 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-767

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.
Title		fuse: reject fuse_notify() pagecache ops on directories
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/12df4cfa738aefff21756728e91056d7defb0fe6 https://git.kernel.org/stable/c/15487f98863dc7156ed43c5be26d478beb82ba35 https://git.kernel.org/stable/c/99c317d7f8b7bbf3de16d20a01f363e390114cea https://git.kernel.org/stable/c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94 https://git.kernel.org/stable/c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6 https://git.kernel.org/stable/c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca https://git.kernel.org/stable/c/dd92773d4d9cea010474eb08a5133c14ff6ab53a https://git.kernel.org/stable/c/e692f0cb86204dcdb9dddc0b355407eda6394a67

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:38:47.420Z

Updated: 2026-06-25T08:38:47.420Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53168

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53168 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T16:30:03Z

Weaknesses

CWE-266

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object