NVD

CVE-2026-53168 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/12df4cfa738aefff21756728e91056d7defb0fe6	kernel.org
https://git.kernel.org/stable/c/15487f98863dc7156ed43c5be26d478beb82ba35	kernel.org
https://git.kernel.org/stable/c/99c317d7f8b7bbf3de16d20a01f363e390114cea	kernel.org
https://git.kernel.org/stable/c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94	kernel.org
https://git.kernel.org/stable/c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6	kernel.org
https://git.kernel.org/stable/c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca	kernel.org
https://git.kernel.org/stable/c/dd92773d4d9cea010474eb08a5133c14ff6ab53a	kernel.org
https://git.kernel.org/stable/c/e692f0cb86204dcdb9dddc0b355407eda6394a67	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/25/2026 5:16:34 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.
Added	Reference	https://git.kernel.org/stable/c/12df4cfa738aefff21756728e91056d7defb0fe6
Added	Reference	https://git.kernel.org/stable/c/15487f98863dc7156ed43c5be26d478beb82ba35
Added	Reference	https://git.kernel.org/stable/c/99c317d7f8b7bbf3de16d20a01f363e390114cea
Added	Reference	https://git.kernel.org/stable/c/9c954499d43aefac01c5dfb57a82b13d2dcf4b94
Added	Reference	https://git.kernel.org/stable/c/9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6
Added	Reference	https://git.kernel.org/stable/c/bd23fa0c16c5c86e5b7713224ffbb87d9db81cca
Added	Reference	https://git.kernel.org/stable/c/dd92773d4d9cea010474eb08a5133c14ff6ab53a
Added	Reference	https://git.kernel.org/stable/c/e692f0cb86204dcdb9dddc0b355407eda6394a67
Added	Affected	Record truncated, showing 2048 of 2439 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/fuse/dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"15487f98863dc7156ed43c5be26d478beb82ba35","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"bd23fa0c16c5c86e5b7713224ffbb87d9db81cca","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"9dbf1b2fadfc6c40805631d8a8276d1639fc9ab6","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"dd92773d4d9cea010474eb08a5133c14ff6ab53a","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"99c317d7f8b7bbf3de16d20a01f363e390114cea","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"12df4cfa738aefff21756728e91056d7defb0fe6","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"e692f0cb86204dcdb9dddc0b355407eda6394a67","versionType":"git","status":"affected"},{"version":"5d7bc7e8680c7ca4c8a4f139ce2a54ccb8131ef0","lessThan":"9c954499d43aefac01c5dfb57a82b13d2dcf4b94","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/fuse/dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.","versionType":"semver","status":"unaffe

Quick Info

CVE Dictionary Entry:
CVE-2026-53168
NVD Published Date:
06/25/2026
NVD Last Modified:
06/25/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-53168 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/25/2026 5:16:34 AM

Quick Info