Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
Loading...
Loading...
Score 5.5 from GitHub Security Advisory published 2022-05-13. NVD baseline CVSS 5.5; sources differ by 0.0.
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
May 24, 2012
April 29, 2026
Fix landed in torvalds/linux commit c2183d1e9b3f — awaiting tagged release
https://github.com/torvalds/linux/commit/c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7aeAffected: Red Hat Enterprise Linux 4 as they did not provide support for FUSE. This issue did not affect the versions of Linux kernel as
https://bugzilla.redhat.com/show_bug.cgi?id=736761| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | linux-image-2.6.32-35-386 (2.6.32-35.78) @ lucid | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.35-903-omap4 (2.6.35-903.29) @ maverick | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.32-319-ec2 (2.6.32-319.39) @ lucid | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.35-32-generic (2.6.35-32.66~lucid1) @ lucid | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.32-219-dove (2.6.32-219.37) @ lucid | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.32-419-dove (2.6.32-419.37) @ maverick | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.35-32-omap (2.6.35-32.65) @ maverick | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.38-1209-omap4 (2.6.38-1209.20) @ natty | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.38-13-generic (2.6.38-13.56~lucid1) @ lucid | 2026-05-29 | ubuntu |
| ubuntu | linux-image-2.6.38-13-powerpc-smp (2.6.38-13.55) @ natty | 2026-05-29 | ubuntu |
| redhat | kernel-rt-0:2.6.33.9-rt31.79.el6rt | 2012-01-10 | redhat |
| redhat | kernel-0:2.6.32-131.21.1.el6 | 2011-11-22 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
RHSA-2011:1465 — Moderate
RHSA-2012:0010 — Moderate
Linux kernel (EC2) vulnerabilities
Linux kernel (Marvell DOVE) vulnerabilities
Linux kernel (Marvell DOVE) vulnerabilities
Linux kernel vulnerabilities
Linux kernel (OMAP4) vulnerabilities
Linux kernel (OMAP4) vulnerability
Linux kernel vulnerabilities
Linux kernel vulnerabilities
Linux kernel (Natty backport) vulnerabilities
Linux kernel (Maverick backport) vulnerabilities
Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.
See which npm, PyPI, Go, and Maven packages are affected by CVE-2011-3353
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
redhat
CWE-120