Bug 2468193 (CVE-2026-43474) - CVE-2026-43474 kernel: fs: init flags_valid before calling vfs_fileattr_get
Summary: CVE-2026-43474 kernel: fs: init flags_valid before calling vfs_fileattr_get
Keywords:
Status: NEW
Alias: CVE-2026-43474
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-08 15:04 UTC by OSIDB Bzimport
Modified: 2026-05-09 02:05 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-08 15:04:01 UTC 
In the Linux kernel, the following vulnerability has been resolved:

fs: init flags_valid before calling vfs_fileattr_get

syzbot reported a uninit-value bug in [1].

Similar to the "*get" context where the kernel's internal file_kattr
structure is initialized before calling vfs_fileattr_get(), we should
use the same mechanism when using fa.

[1]
BUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517
 fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517
 vfs_fileattr_get fs/file_attr.c:94 [inline]
 __do_sys_file_getattr fs/file_attr.c:416 [inline]

Local variable fa.i created at:
 __do_sys_file_getattr fs/file_attr.c:380 [inline]
 __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372
Comment 1 Keith Grant 2026-05-09 02:03:58 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050806-CVE-2026-43474-36a6@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.