VYPR
Unrated severity · NVD Advisory · Published May 8, 2026 · Updated May 12, 2026

CVE-2026-43474

Description

In the Linux kernel, the following vulnerability has been resolved:

fs: init flags_valid before calling vfs_fileattr_get

syzbot reported an uninit-value bug in [1].

Similar to the "*get" context where the kernel's internal file_kattr structure is initialized before calling vfs_fileattr_get(), we should use the same mechanism when using fa.

[1]
BUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517
 fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517
 vfs_fileattr_get fs/file_attr.c:94 [inline]
 __do_sys_file_getattr fs/file_attr.c:416 [inline]

Local variable fa.i created at:
 __do_sys_file_getattr fs/file_attr.c:380 [inline]
 __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel uninitialized-stack-memory bug in vfs_fileattr_get can leak kernel data via FUSE ioctl.

Vulnerability

CVE-2026-43474 is a Linux kernel vulnerability in the vfs_fileattr_get function, where the fa (file attributes) structure is used without being fully initialized. The kernel's internal file_kattr structure is properly initialized before calling vfs_fileattr_get(), but the fa structure used in the same code path is not, leading to an uninitialized value being passed to filesystem-specific get handlers like fuse_fileattr_get [1].

Exploitation

An attacker with local access and the ability to invoke the file_getattr system call (e.g., via ioctl on a FUSE filesystem) can trigger this bug. The uninitialized stack memory may contain sensitive kernel data, which can then be leaked to userspace through the returned file attributes structure. No special privileges beyond normal user access are required to trigger the code path [1].

Impact

Successful exploitation can result in information disclosure, as uninitialized kernel stack memory may be copied to userspace. This could leak sensitive data such as kernel pointers or other secrets, potentially aiding further attacks. The bug was discovered by syzbot, indicating it is reachable and can be triggered reliably [1].

Mitigation

The fix has been applied to the Linux kernel stable tree in commit b8c182b2c8c44c6016b11d8af61715ad7ef958a1, which initializes fa before calling vfs_fileattr_get. Users should update their kernels to include this patch. No workarounds are available; the vulnerability is fixed by the kernel update [1].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
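
The pattern described above, as a userspace C model added here (not kernel source and not part of the advisory): a caller's local structure reaches a handler that reads flags_valid before anything has set it, so the branch taken follows stale stack bytes until the caller initializes the field. All model_* names, the struct layout, the byte patterns and the initial value 1 are assumptions; only the field name flags_valid comes from the page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's file_kattr; only the field name
 * flags_valid comes from the advisory. */
struct model_kattr {
    unsigned int flags;
    unsigned char flags_valid; /* input hint, read by the handler */
};

enum model_path { PATH_XATTR = 0, PATH_FLAGS = 1 };

/* Models a filesystem get handler: it branches on the caller's hint
 * before it writes anything into the structure. */
static enum model_path model_fs_get(struct model_kattr *fa)
{
    enum model_path taken = fa->flags_valid ? PATH_FLAGS : PATH_XATTR;
    fa->flags = 0x10; /* constructed attribute value */
    return taken;
}

/* Models the syscall-side caller. `stale` is a constructed byte pattern
 * standing in for whatever earlier calls left in the stack slot. */
static enum model_path model_getattr(unsigned char stale, int fixed)
{
    struct model_kattr fa;

    memset(&fa, stale, sizeof(fa)); /* simulate an uninitialized local */
    if (fixed) {
        memset(&fa, 0, sizeof(fa));
        fa.flags_valid = 1; /* assumed value; page only says it is initialized */
    }
    return model_fs_get(&fa);
}

int main(void)
{
    const unsigned char patterns[] = { 0x00, 0xAA, 0xFF };

    for (size_t i = 0; i < sizeof(patterns); i++)
        printf("stale=0x%02x unfixed=%d fixed=%d\n", patterns[i],
               model_getattr(patterns[i], 0), model_getattr(patterns[i], 1));
    return 0;
}
```

In the unfixed column the handler's path changes with the stale byte pattern; in the fixed column it is the same for every pattern.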
