[Midnightbsd-cvs] [MidnightBSD/src] 5238a1: Heap overflow in FUSE_LISTXATTR
Lucas Holt
noreply at github.com
Mon Jun 1 12:19:24 EDT 2026
Branch: refs/heads/stable/4.0
Home: https://github.com/MidnightBSD/src
Commit: 5238a13f81e2afae6619214599e18b2c80b0def4
https://github.com/MidnightBSD/src/commit/5238a13f81e2afae6619214599e18b2c80b0def4
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)
Changed paths:
M sys/fs/fuse/fuse_ipc.h
M sys/fs/fuse/fuse_vnops.c
M tests/sys/fs/fusefs/xattr.cc
Log Message:
-----------
Heap overflow in FUSE_LISTXATTR
CVE-2026-45252
If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel
module may read beyond the end of one heap-allocated buffer and potentially
write beyond the end of a second buffer. A malicious daemon could disclose
up to 253 bytes of kernel heap memory, or it could inject up to 250
attacker-controlled bytes into unallocated kernel heap space.
Obtained from: FreeBSD 14.3
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list