2464392 – (CVE-2026-31713) CVE-2026-31713 kernel: fuse: abort on fatal signal during sync init

Bug 2464392 (CVE-2026-31713) - CVE-2026-31713 kernel: fuse: abort on fatal signal during sync init

Summary: CVE-2026-31713 kernel: fuse: abort on fatal signal during sync init

Keywords:
Status:	NEW
Alias:	CVE-2026-31713
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-01 15:04 UTC by OSIDB Bzimport
Modified:	2026-05-01 20:25 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-01 15:04:09 UTC

In the Linux kernel, the following vulnerability has been resolved:

fuse: abort on fatal signal during sync init

When sync init is used and the server exits for some reason (error, crash)
while processing FUSE_INIT, the filesystem creation will hang.  The reason
is that while all other threads will exit, the mounting thread (or process)
will keep the device fd open, which will prevent an abort from happening.

This is a regression from the async mount case, where the mount was done
first, and the FUSE_INIT processing afterwards, in which case there's no
such recursive syscall keeping the fd open.

Comment 1 Keith Grant 2026-05-01 20:22:32 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050123-CVE-2026-31713-2109@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.