GHSA-p5ww-jrfv-82qx · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal...
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.
Conclusion & alert: CVE-2026-31713 is rated Low Risk (23.4/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.02%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-05-02 | — | 0.02% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
GHSA-p5ww-jrfv-82qx · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
unimportant | CVE-2026-31713 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2026-31713 |
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2026-31713 |
suse
|
medium | CVE-2026-31713 severity moderate: SUSE including 21 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 196 product×package rows across 38 product lines (SUSE Linux Enterprise High Availability Extension 15 SP7, SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS, … (38 product lines)): Known Not Affected 196. | https://www.suse.com/security/cve/CVE-2026-31713/ |
ubuntu
|
medium | CVE-2026-31713 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1048, ignored 169, not-affected 134, released 83, needed 10, needs-triage 4, pending 1. | https://ubuntu.com/security/CVE-2026-31713 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 6.18, < 6.18.25 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.19, < 7.0.2 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 7.1 | cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* |