CVE-2026-43474

Published: May 8, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context where the kernel's internal file_kattr structure is initialized before calling vfs_fileattr_get(), we should use the same mechanism when using fa. [1] BUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 vfs_fileattr_get fs/file_attr.c:94 [inline] __do_sys_file_getattr fs/file_attr.c:416 [inline] Local variable fa.i created at: __do_sys_file_getattr fs/file_attr.c:380 [inline] __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372

Vendor	Product	Versions
Linux	Linux	affected `be7efb2d20d67f334a7de2aef77ae6c69367e646 - < 379e19e820dd1c6145426b97467728b3b89c0b42` affected `be7efb2d20d67f334a7de2aef77ae6c69367e646 - < b8c182b2c8c44c6016b11d8af61715ad7ef958a1` affected `be7efb2d20d67f334a7de2aef77ae6c69367e646 - < cb184dd19154fc486fa3d9e02afe70a97e54e055`
Linux	Linux	affected `6.17` unaffected `0 - < 6.17` unaffected `6.18.19 - <= 6.18.` unaffected `6.19.9 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/379e19e820dd1c6145426b97467728b3b89c0b42

https://git.kernel.org/stable/c/b8c182b2c8c44c6016b11d8af61715ad7ef958a1

https://git.kernel.org/stable/c/cb184dd19154fc486fa3d9e02afe70a97e54e055

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43474

Description

Affected Products

References