CVE-2026-33179

MEDIUM

libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

Title source: cna
STIX 2.1

Description

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.

References (3)

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (2)
libfuse/libfuse >= 3.18.0, < 3.18.2
libfuse_project/libfuse 3.18.0 - 3.18.2
Published Mar 20, 2026
Tracked Since Mar 21, 2026