CVE-2026-45252
Analyzed - Analysis Complete

Buffer Overflow in FreeBSD fusefs Kernel Module

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: FreeBSD

Description

When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space.
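The bounded walk that the description says is missing, as an added example (this is not FreeBSD source or its patch). The function name, the sample replies, the max_name limit and the choice to reject empty names are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample daemon replies (not captured traffic). */
static const char good_reply[] = "user.a\0user.bb";	/* literal adds the final NUL */
static const char bad_reply[] = { 'u','s','e','r','.','a','\0','u','s','e','r' };

/*
 * Walk a daemon-supplied packed list of NUL-terminated names without ever
 * reading past buf + len. Returns the number of names, or -1 if the list
 * is malformed. max_name is a caller-chosen limit (assumption).
 */
static int
xattr_list_check(const char *buf, size_t len, size_t max_name)
{
	const char *p = buf;
	const char *end = buf + len;
	int count = 0;

	while (p < end) {
		/* memchr is bounded by the bytes that remain; strlen is not. */
		const char *nul = memchr(p, '\0', (size_t)(end - p));

		if (nul == NULL)
			return (-1);	/* last name runs off the end of the buffer */
		if (nul == p || (size_t)(nul - p) > max_name)
			return (-1);	/* empty or over-long name: rejected here */
		count++;
		p = nul + 1;
	}
	return (count);
}

int
main(void)
{
	/* Exit 0 only if the terminated list passes and the truncated one fails. */
	return (xattr_list_check(good_reply, sizeof(good_reply), 255) == 2 &&
	    xattr_list_check(bad_reply, sizeof(bad_reply), 255) == -1) ? 0 : 1;
}
```

Running the check once, before any per-name length computation or copy, means a reply whose last name lacks its NUL is rejected as a whole instead of being measured with strlen().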

Meta Information

Published: 2026-05-21
Last Modified: 2026-05-21
Generated: 2026-06-30
AI Q&A: 2026-05-21
EPSS Evaluated: 2026-06-29

Affected Vendors & Products

Showing 29 associated CPEs (three distinct versions)
Vendor Product Version / Range
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.4

Exploitability

CWE
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Executive Summary

This vulnerability exists in the FreeBSD fusefs kernel module when it handles extended attributes via the FUSE_LISTXATTR message. The kernel expects a list of NUL-terminated strings from the userspace daemon, but it does not verify that the entire list is properly NUL-terminated before calling strlen() on it.

If a malicious daemon sends a list that is not NUL-terminated, the kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of another buffer. This can lead to disclosure of up to 253 bytes of kernel heap memory or injection of up to 250 attacker-controlled bytes into unallocated kernel heap space.

Impact Analysis

A malicious userspace daemon can use this vulnerability either to read kernel heap memory or to write attacker-controlled data into it. Specifically, it can disclose up to 253 bytes of kernel heap memory, potentially leaking sensitive information, or write up to 250 bytes of attacker-controlled data into unallocated kernel heap space, which could lead to further exploitation or system instability.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade their FreeBSD systems to the patched versions in stable/15, stable/14, or their respective release branches with fixes applied after May 20, 2026.

After upgrading, a system reboot is necessary to apply the fixes.

If your system does not use the fusefs module or has vfs.usermount disabled, it is unaffected by this vulnerability.

Upgrades can be performed using pkg, freebsd-update, or by applying source code patches.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.
