Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization
Vulnerability Description
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
libfuse 代码问题漏洞
Vulnerability Description
libfuse是libfuse开源的一个用户空间文件系统开发库。 libfuse 3.18.0至3.18.2之前版本存在代码问题漏洞,该漏洞源于fuse_uring_init_queue函数存在空指针取消引用和内存泄漏,可能导致本地用户使FUSE守护进程崩溃或导致资源耗尽。
CVSS Information
N/A
Vulnerability Type
N/A