CVE-2022-50217

fuse: write inode in fuse_release()

Published: 6/18/2025 Last updated: 6/18/2025 Reserved: 6/18/2025

In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released. This is a partial revert of the blamed commit.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (10)

conf-bpftool conf-libbpf conf-linux-libc-dev hvsock mirage-block-unix solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm

Products affected (2)

Product	Vendor	Version
Linux	Linux	unspecified
Linux	Linux	1.12.1

References (3)

https://git.kernel.org/stable/c/5ccb0420b7c9334ab8122037847101931b899301
https://git.kernel.org/stable/c/4bd9d5d20f344d015422969302d12653c903c271
https://git.kernel.org/stable/c/035ff33cf4db101250fb980a3941bf078f37a544