{"id":"CVE-2026-53311","summary":"fuse: fix uninit-value in fuse_dentry_revalidate()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix uninit-value in fuse_dentry_revalidate()\n\nfuse_dentry_revalidate() may be called with a dentry that didn't had\n-\u003ed_time initialised.  The issue was found with KMSAN, where lookup_open()\ncalls __d_alloc(), followed by d_revalidate(), as shown below:\n\n=====================================================\nBUG: KMSAN: uninit-value in fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394\n fuse_dentry_revalidate+0x150/0x13d0 fs/fuse/dir.c:394\n d_revalidate fs/namei.c:1030 [inline]\n lookup_open fs/namei.c:4405 [inline]\n open_last_lookups fs/namei.c:4583 [inline]\n path_openat+0x1614/0x64c0 fs/namei.c:4827\n do_file_open+0x2aa/0x680 fs/namei.c:4859\n[...]\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4466 [inline]\n slab_alloc_node mm/slub.c:4788 [inline]\n kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4807\n __d_alloc+0x55/0xa00 fs/dcache.c:1740\n d_alloc_parallel+0x99/0x2740 fs/dcache.c:2604\n lookup_open fs/namei.c:4398 [inline]\n open_last_lookups fs/namei.c:4583 [inline]\n path_openat+0x135f/0x64c0 fs/namei.c:4827\n do_file_open+0x2aa/0x680 fs/namei.c:4859\n[...]\n=====================================================","modified":"2026-07-08T08:09:46.112651024Z","published":"2026-06-26T19:41:04.890Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53311.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3ac9117ba3deab8a5dd22847355f861686f4bee7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/da3d241c5b925f17a9d8051d7a9e0d454d8e01f6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53311.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53311"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2396356a945bb022aff02656f59c2a45d457043f"},{"fixed":"da3d241c5b925f17a9d8051d7a9e0d454d8e01f6"},{"fixed":"3ac9117ba3deab8a5dd22847355f861686f4bee7"},{"fixed":"5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53311.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.18.34"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53311.json"}}],"schema_version":"1.7.5"}