¡¾·ì϶¹«¸æ¡¿Linux Kernel FUSEÒ³»º´æÒç¶Âí½Å(CVE-2026-31694)

°ä²¼¹¦·ò 2026-07-08

Ò»¡¢·ì϶¸ÅÊö


0608-1·ì϶¸ÅÊö.png


Linux KernelÊÇLinux²Ù×÷ϵͳµÄÖ÷Ìâ×é¼þ£¬ÕƹÜÖÎÀíϵͳӲ¼þ×ÊÔ´¡¢¹ý³Ìµ÷¶È¡¢ÄÚ´æÖÎÀí¡¢Îļþϵͳ¡¢ÍøÂçͨѶµÈ¹Ø¼üÖ°ÄÜ¡£FUSE£¨Filesystem in Userspace£©ÊÇLinux KernelÌṩµÄÓû§Ì¬Îļþϵͳ¿ò¼Ü£¬ÔÊÐíÓû§¿Õ¼ä·¨Ê½ÊµÏÖ×Ô½ç˵Îļþϵͳ£¬Í¨¹ý/dev/fuseÓëÄں˽øÐÐͨѶ£¬¿í·ºÓÃÓÚÐé¹¹Îļþϵͳ¡¢ÔÆ´æ´¢¹ÒÔØ¼°Óû§Ì¬´æ´¢·þÎñµÈ³¡¾°¡£


2026Äê7ÔÂ8ÈÕ£¬28Ȧ°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Linux Kernel FUSEÒ³»º´æÒç¶Âí½Å¡£¸Ã·ì϶´æÔÚÓÚfs/fuse/readdir.cÎļþµÄfuse_add_dirent_to_cache()º¯ÊýÖУ¬ÓÉÓÚÄÚºËδУÑéÓÉFUSEÓû§Ì¬·þÎñÆ÷½ÚÔìµÄĿ¼Ïî´óÓ×£¬µ¼Ö³¬´óĿ¼ÏîÔÚдÈëÒ³»º´æÊ±²úÉúÔ½½çдÈë¡£¹¥»÷Õß¿Éͨ¹ý´´½¨¶ñÒâFUSEÎļþϵͳ²¢·µ»ØÌØÔìĿ¼Ïî´¥·¢·ì϶£¬¸²¸ÇÏàÁÚÄÚºËÒ³»º´æÊý¾Ý£¬½øÒ»²½ÀûÓÃSUID·¨Ê½»º´æÄÚÈÝ´Û¸ÄʵÏÖ±¾µØÈ¨ÏÞÌáÉý£¬×îÖÕ»ñÈ¡rootȨÏÞ¡£



¶þ¡¢Ó°ÏìÁìÓò



4.20 <= Linux Kernel < 6.6.136

6.7 <= Linux Kernel < 6.12.84

6.13 <= Linux Kernel < 6.18.25

6.19 <= Linux Kernel < 7.0.2

Linux Kernel = 7.1-rc1

Linux Kernel = 7.1-rc2



Èý¡¢°²È«´ëÊ©



3.1 Éý¼¶°æ±¾¹Ù·½ÒѰ䲼½¨¸´²¹¶¡£¬ÒÔ½¨¸´¸Ã·ì϶¡£

Linux Kernel >= 6.6.136

Linux Kernel >= 6.12.84

Linux Kernel >= 6.18.25

Linux Kernel >= 7.0.2

Linux Kernel >= 7.1-rc3

ÏÂÔØÁ´½Ó£º

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=51a8de6c50bf947c8f534cd73da4c8f0a13e7bed/


3.2һʱ´ëÊ©


ÔÚÎÞ·¨µ±¼´Éý¼¶Äں˵ÄÇé¿öÏ£¬½¨Ò飺

²»ÈÝͨ³£Óû§¹ÒÔØ FUSE Îļþϵͳ£»

ÏÞ¶È /dev/fuse É豸½Ó¼ûȨÏÞ£»

½ûÓò»ÓÃÒªµÄ FUSE ·þÎñºÍ×é¼þ£»

¶Ô´æÔÚ¸ßȨÏÞÔËÐл·¾³£¨·þÎñÆ÷¡¢ÔÆÖ÷»ú¡¢ÈÝÆ÷ËÞÖ÷»ú£©ÓÅÏÈÆÌÅÅÄÚºËÉý¼¶¡£


3.3 ͨÓý¨Òé


¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£

¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£

ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£

¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£

ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://nvd.nist.gov/vuln/detail/CVE-2026-31694/https://bynar.io/blog/discovery-validation-in-the-linux-kernel-part-2-fuse-page-cache-overflow