Linux Kernel FUSE Subsystem Inode Write Vulnerability in Release Process

Vulnerability

A vulnerability in the Linux kernel's FUSE (Filesystem in Userspace) implementation has been addressed. The issue arose from a race condition between the write and close operations, which allowed pages to be modified after the FUSE flush operation had been called but before the inode was fully released. If these modified pages were not flushed during the release process, it could result in a file not being writable when needed later. The vulnerability required dirty pages to be written back before the file was closed. This issue is a partial revert of a previous commit that introduced the problem.

Impact

The vulnerability could lead to files not being writable when needed, potentially causing data loss or application errors.

Added: Jun 18, 2025, 1:20 PM

Updated: Jun 18, 2025, 1:20 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel FUSE Subsystem Inode Write Vulnerability in Release Process

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating