CVE Catalog

CVE-2026-53303

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the F2FS filesystem was found where f2fs_sbi_show() reads extension_list, extension_count, and hot_ext_count without holding sb_lock. Concurrent modification via sysfs can lead to inconsistent reads, potentially causing out-of-bounds access or displaying stale data.

Risk Assessment

The risk involves potential data integrity issues in the F2FS filesystem, information leakage, or system crashes due to reading inconsistent or outdated extension list data.

Recommendation

Immediately update the Linux kernel to a version containing the fix that holds sb_lock around the extension list read and format operation in f2fs_sbi_show().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS