CVE-2026-43474
Uninitialized Variable in Linux Kernel fs/file_attr.c
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability is an uninitialized value bug in the Linux kernel's fuse_fileattr_get function, which could lead to undefined behavior or system instability when file attributes are accessed.
Since it is a kernel-level issue related to file attribute handling, it may affect system reliability or security depending on how the uninitialized value is exploited.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves an uninitialized value bug related to file attribute handling. Specifically, the issue occurs because the initialization of certain flags (flags_valid) was not done before calling the function vfs_fileattr_get. This can lead to the use of uninitialized data in the kernel's internal file attribute structures, as reported by syzbot.
The problem mirrors an earlier case in which the kernel's internal file_kattr structure had to be initialized before calling vfs_fileattr_get. The fix applies the same initialization mechanism to the file attribute structure (fa), so that no uninitialized value is used.
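A userspace C model of the pattern described above, added here as an illustration and not taken from the kernel source or the actual fix. The struct layout, the model_* names and the callback's branch on flags_valid are assumptions, and leftover stack contents are simulated with memset so the program stays well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's file attribute structure (hypothetical layout). */
struct model_kattr {
    uint32_t flags;
    uint32_t fsx_xflags;
    uint8_t  flags_valid;   /* set by the caller: "fill the flags view" */
    uint8_t  fsx_valid;     /* set by the caller: "fill the xflags view" */
};

enum { BRANCH_FLAGS = 1, BRANCH_XFLAGS = 2 };

/* Hypothetical filesystem callback: it branches on flags_valid, so it
 * reads a field it expects the caller to have initialized. */
static int model_fs_get(struct model_kattr *fa)
{
    if (fa->flags_valid) {
        fa->flags = 0x10;           /* constructed attribute value */
        return BRANCH_FLAGS;
    }
    fa->fsx_xflags = 0x10;          /* constructed attribute value */
    return BRANCH_XFLAGS;
}

/* Caller model. stack_byte stands in for whatever the stack slot held
 * before the call; memset keeps the demonstration well-defined C. */
static int model_getflags(int initialize_first, unsigned char stack_byte)
{
    struct model_kattr fa;
    memset(&fa, stack_byte, sizeof(fa));    /* simulated leftover stack data */
    if (initialize_first) {
        memset(&fa, 0, sizeof(fa));         /* fix pattern: zero the struct, */
        fa.flags_valid = 1;                 /* then state which view is wanted */
    }
    return model_fs_get(&fa);
}

int main(void)
{
    unsigned char leftovers[] = { 0x00, 0xAA };  /* constructed stack contents */
    for (size_t i = 0; i < sizeof(leftovers); i++)
        printf("stack=0x%02x unfixed=%d fixed=%d\n", leftovers[i],
               model_getflags(0, leftovers[i]), model_getflags(1, leftovers[i]));
    return 0;
}
```

Without the initialization, the branch taken by the callback follows whatever bytes were previously in the stack slot; with it, the result is the same for every prior stack content.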