{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T17:04:30.008","vulnerabilities":[{"cve":{"id":"CVE-2024-38626","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-06-21T11:15:11.517","lastModified":"2025-10-03T14:49:28.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: clear FR_SENT when re-adding requests into pending list\n\nThe following warning was reported by lee bruce:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300\n  fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300\n  Modules linked in:\n  CPU: 0 PID: 8264 Comm: ab2 Not tainted 6.9.0-rc7\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n  RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300\n  ......\n  Call Trace:\n  <TASK>\n  fuse_dev_do_read.constprop.0+0xd36/0x1dd0 fs/fuse/dev.c:1334\n  fuse_dev_read+0x166/0x200 fs/fuse/dev.c:1367\n  call_read_iter include/linux/fs.h:2104 [inline]\n  new_sync_read fs/read_write.c:395 [inline]\n  vfs_read+0x85b/0xba0 fs/read_write.c:476\n  ksys_read+0x12f/0x260 fs/read_write.c:619\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xce/0x260 arch/x86/entry/common.c:83\n  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  ......\n  </TASK>\n\nThe warning is due to the FUSE_NOTIFY_RESEND notify sent by the write()\nsyscall in the reproducer program and it happens as follows:\n\n(1) calls fuse_dev_read() to read the INIT request\nThe read succeeds. During the read, bit FR_SENT will be set on the\nrequest.\n(2) calls fuse_dev_write() to send an USE_NOTIFY_RESEND notify\nThe resend notify will resend all processing requests, so the INIT\nrequest is moved from processing list to pending list again.\n(3) calls fuse_dev_read() with an invalid output address\nfuse_dev_read() will try to copy the same INIT request to the output\naddress, but it will fail due to the invalid address, so the INIT\nrequest is ended and triggers the warning in fuse_request_end().\n\nFix it by clearing FR_SENT when re-adding requests into pending list."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fusible: borre FR_SENT al volver a agregar solicitudes a la lista pendiente Lee bruce informó la siguiente advertencia: ------------[ cortar aquí ]- ----------- ADVERTENCIA: CPU: 0 PID: 8264 en fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300 Módulos vinculados en: CPU: 0 PID: 8264 Comm: ab2 No contaminado 6.9.0-rc7 Nombre del hardware: PC estándar QEMU (i440FX + PIIX, 1996) RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300 ...... Seguimiento de llamadas:  fuse_dev_do_read.constprop.0+0xd36/0x1dd0 fs/fuse/dev.c:1334 fuse_dev_read+0x166/0x200 fs/fuse/dev.c:1367 call_read_iter include/linux/fs.h:2104 [en línea ] new_sync_read fs/read_write.c:395 [en línea] vfs_read+0x85b/0xba0 fs/read_write.c:476 ksys_read+0x12f/0x260 fs/read_write.c:619 do_syscall_x64 arch/x86/entry/common.c:52 [en línea ] do_syscall_64+0xce/0x260 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f ......  La advertencia se debe a la notificación FUSE_NOTIFY_RESEND enviada por la llamada al sistema write() en el reproductor programa y sucede de la siguiente manera: (1) llama a fuse_dev_read() para leer la solicitud INIT La lectura se realiza correctamente. Durante la lectura, se establecerá el bit FR_SENT en la solicitud. (2) llama a fuse_dev_write() para enviar una notificación USE_NOTIFY_RESEND. La notificación de reenvío reenviará todas las solicitudes de procesamiento, por lo que la solicitud INIT se mueve nuevamente de la lista de procesamiento a la lista pendiente. (3) llama a fuse_dev_read() con una dirección de salida no válida. fuse_dev_read() intentará copiar la misma solicitud INIT a la dirección de salida, pero fallará debido a la dirección no válida, por lo que la solicitud INIT finaliza y activa la advertencia en fuse_request_end (). Solucionelo borrando FR_SENT al volver a agregar solicitudes a la lista pendiente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.9.4","matchCriteriaId":"A500F935-F0ED-4DC7-AD02-9D7C365D13AE"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/246014876d782bbf2e652267482cd2e799fb5fcd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/533070db659a9589310a743e9de14cf9d651ffaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/246014876d782bbf2e652267482cd2e799fb5fcd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/533070db659a9589310a743e9de14cf9d651ffaf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}