Fedora Account System
Red Hat Associate
Red Hat Customer
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
*** Bug 2451609 has been marked as a duplicate of this bug. ***
*** Bug 2451610 has been marked as a duplicate of this bug. ***
These CVEs affect libfuse3's io_uring subsystem, which was introduced in fuse3 3.18.0 and fixed in 3.18.2. Only fuse3 versions 3.18.0 and 3.18.1 are vulnerable. fuse3-3.18.2 has already been built and pushed to stable for both rawhide (fuse3-3.18.2-1.fc45) and f44 (fuse3-3.18.2-1.fc44). f43 and older ship fuse3 3.16.x which does not include the io_uring subsystem and is not affected.