CVE-2026-31713
FUSE Fatal Signal Abort During Sync Init
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's FUSE (Filesystem in Userspace) implementation. Specifically, when the sync init method is used and the server exits unexpectedly (due to an error or crash) while processing the FUSE_INIT request, the creation of the filesystem hangs. This happens because although other threads exit, the mounting thread or process keeps the device file descriptor (fd) open, preventing the abort process from completing.
This issue is a regression compared to the async mount case, where the mount operation completes before FUSE_INIT processing, avoiding the problem of a recursive syscall keeping the fd open.
How can this vulnerability impact me? :
The vulnerability can cause the filesystem creation process to hang indefinitely when the server crashes or exits during FUSE_INIT processing using sync init. This can lead to system instability or denial of service conditions where the affected filesystem cannot be mounted or used properly.