CVE-2024-47746: fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set

Description

In the Linux kernel, the following vulnerability has been resolved:

fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set

This may be a typo. The comment has said shared locks are
not allowed when this bit is set. If using shared lock, the
wait in `fuse_file_cached_io_open` may be forever.

Classification

CVE ID: CVE-2024-47746

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.43% (scored less or equal to compared to others)

EPSS Date: 2025-05-04 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47746
https://git.kernel.org/stable/c/fa4890bd8237e5a1e7428acd7328729db2703b23
https://git.kernel.org/stable/c/4e181761ffec67307157a7e8a78d58ee4130cf00
https://git.kernel.org/stable/c/2f3d8ff457982f4055fe8f7bf19d3821ba22c376

Timeline

2025-05-04 10:40:19 UTC
CVE

fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set