Primary

Context

Linux Kernel FUSE Slab-Out-Of-Bounds Write Vulnerability

Vulnerability

Patched

A slab-out-of-bounds write vulnerability has been identified in the Linux kernel's FUSE (Filesystem in Userspace) implementation. This issue arises in the 'fuse_dev_do_write' function when the number of bytes to be retrieved exceeds the upper limit set by 'fc->max_pages', particularly when an offset is involved. The vulnerability has been addressed by adding a loop termination condition to prevent such buffer overruns.

Impact

Exploitation of this vulnerability leads to a slab-out-of-bounds write, which can potentially be exploited to overwrite memory and execute arbitrary code.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Sep 23, 2025, 6:17 AM

Updated: Sep 23, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel FUSE Slab-Out-Of-Bounds Write Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating