[Midnightbsd-cvs] [MidnightBSD/src] 5238a1: Heap overflow in FUSE_LISTXATTR

Lucas Holt noreply at github.com
Mon Jun 1 12:19:24 EDT 2026


  Branch: refs/heads/stable/4.0
  Home:   https://github.com/MidnightBSD/src
  Commit: 5238a13f81e2afae6619214599e18b2c80b0def4
      https://github.com/MidnightBSD/src/commit/5238a13f81e2afae6619214599e18b2c80b0def4
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-06-01 (Mon, 01 Jun 2026)

  Changed paths:
    M sys/fs/fuse/fuse_ipc.h
    M sys/fs/fuse/fuse_vnops.c
    M tests/sys/fs/fusefs/xattr.cc

  Log Message:
  -----------
  Heap overflow in FUSE_LISTXATTR

 CVE-2026-45252

If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel
module may read beyond the end of one heap-allocated buffer and potentially
write beyond the end of a second buffer.  A malicious daemon could disclose
up to 253 bytes of kernel heap memory, or it could inject up to 250
attacker-controlled bytes into unallocated kernel heap space.

Obtained from: FreeBSD 14.3



To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications


More information about the Midnightbsd-cvs mailing list