CVE Catalog

CVE-2026-53303

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

In the Linux kernel's F2FS filesystem, a vulnerability was found where f2fs_sbi_show() reads the extension list, extension count, and hot extension count without holding the sb_lock. Concurrent modification via sysfs can cause inconsistent reads, potentially leading to out-of-bounds access or displaying stale data.

Risk Assessment

The risk involves potential data integrity issues in the F2FS filesystem and possible out-of-bounds access, which could lead to system crashes or unpredictable kernel behavior.

Recommendation

Immediately update the Linux kernel to a version containing the fix that protects the extension list read with sb_lock in f2fs_sbi_show().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS