Use After Free in libfuse

Description

The UAF (CVE-2026-33150) is triggered by pthread_create failure or io_uring_queue_init_params failure, not by the CVE-2026-33179 sub-bugs. Container resource limits (cgroup pids.max, RLIMIT_NPROC) reliably cause...

Affected Products

Vendor	Product	Versions
libfu	libfu	>= 3.18.0, < 3.18.2

References

https://github.com/libfuse/libfuse/security/advisories/GHSA-qxv7-xrc2-qmfx(x_refsource_CONFIRM)
https://github.com/libfuse/libfuse/commit/49fcd891a58f622c098e2ca67d66086f7b213836(x_refsource_MISC)
https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2(x_refsource_MISC)

Related News (3 articles)

Tier B

BSI Advisories5h ago

[NEU] [hoch] Red Hat FUSE (libfuse): Mehrere Schwachstellen ermöglichen Codeausführung und DoS

→ No new info (linked only)

Tier E

Full Disclosure1d ago

CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref)

→ No new info (linked only)

Tier C

oss-security5d ago

Re: CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref)

→ No new info (linked only)

Use After Free in libfuse

Description

Affected Products

References

Related News (3 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History