FUSE: Multiple Vulnerabilities — GLSA 202604-03

Multiple vulnerabilities have been found in FUSE, the worst of which can lead to code execution.

Affected packages

sys-fs/fuse on all architectures
Affected versions < 3.18.1
Unaffected versions >= 3.18.1

Background

FUSE (Filesystem in Userspace) is an interface for userspace programs to export a filesystem to the Linux kernel.

Description

The following vulnerabilities have been discovered in FUSE: a NULL pointer dereference (when running on a NUMA architecture) and a use-after-free, the worst of which can lead to code execution. Please review the CVE identifiers referenced below for details.

Impact

Possible outcomes are denial of service (crash) and potential code execution.

Workaround

There is no known workaround at this time.

Resolution

All FUSE users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/fuse-3.18.1:3"
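
To confirm which hosts still fall in the affected range before and after the upgrade, the following added example (not part of the advisory or of Portage) compares `category/package-version` strings against the 3.18.1 boundary stated above. The inventory format, hostnames and sample versions are constructed, and the version ordering is a simplification of Portage's rules.

```shell
#!/bin/sh
# Added example (not from the advisory): flag sys-fs/fuse versions below the fix.
FIXED=3.18.1   # first unaffected version per GLSA 202604-03

# fuse_affected CPV: 0 = affected (< FIXED), 1 = unaffected, 2 = unparsable.
# Simplified Gentoo ordering: dotted numbers, -rN ignored, _alpha/_beta/_pre/_rc
# sort before the plain version, missing components count as 0.
fuse_affected() {
    _ver=${1#sys-fs/fuse-}
    _ver=${_ver%-r[0-9]*}
    _base=${_ver%%_*}
    _suffix=${_ver#"$_base"}
    case $_base in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    _rest=$_base _want=$FIXED
    while [ -n "$_rest" ] || [ -n "$_want" ]; do
        _a=${_rest%%.*} _b=${_want%%.*}
        case $_rest in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
        case $_want in *.*) _want=${_want#*.} ;; *) _want= ;; esac
        if [ "${_a:-0}" -lt "${_b:-0}" ]; then return 0
        elif [ "${_a:-0}" -gt "${_b:-0}" ]; then return 1
        fi
    done
    case $_suffix in _alpha*|_beta*|_pre*|_rc*) return 0 ;; esac
    return 1
}

# audit_inventory: read "host category/package-version" lines on stdin
# (assumed format) and report fuse installs that are affected or unparsable.
audit_inventory() {
    while read -r _host _cpv; do
        # The digit after the dash keeps sys-fs/fuse-common out of the check.
        case $_cpv in sys-fs/fuse-[0-9]*) ;; *) continue ;; esac
        _rc=0; fuse_affected "$_cpv" || _rc=$?
        case $_rc in
            0) printf 'AFFECTED %s %s\n' "$_host" "$_cpv" ;;
            2) printf 'UNPARSED %s %s\n' "$_host" "$_cpv" ;;
        esac
    done
}

# Constructed sample inventory; hostnames and versions are made up.
sample_inventory() {
    printf '%s\n' 'web01 sys-fs/fuse-3.17.4' 'web02 sys-fs/fuse-3.18.1' \
        'db01 sys-fs/fuse-3.16.2-r1' 'build01 sys-fs/fuse-3.18.1_rc1' \
        'ci01 sys-fs/fuse-3.18.1-r1' 'ci01 sys-fs/fuse-common-3.10.4'
}

sample_inventory | audit_inventory
```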
 

References

Release date
April 17, 2026

Latest revision
April 17, 2026: 1

Severity
normal

Exploitable
remote

Bugzilla entries