CVE-2026-53303 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/4b3a1bf4c2ffd4c9595d900ead78c9035894a025
https://git.kernel.org/stable/c/5909bedbed38c558bee7cb6758ceedf9bc3a9194
https://git.kernel.org/stable/c/cea15f66b7b68b2c50943a6660e0692c6635e4eb
https://git.kernel.org/stable/c/d0e877810baf613b018fd9747440b9d4d9db1428
https://git.kernel.org/stable/c/d3ff0c121bbaef026df6248ab7ef6f0b068b0647
https://git.kernel.org/stable/c/ea3ab43a1f3cf2c7cecd75c8be1ee99a5e94a92e

History

Fri, 26 Jun 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119 CWE-363

Fri, 26 Jun 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.
Title		f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/4b3a1bf4c2ffd4c9595d900ead78c9035894a025 https://git.kernel.org/stable/c/5909bedbed38c558bee7cb6758ceedf9bc3a9194 https://git.kernel.org/stable/c/cea15f66b7b68b2c50943a6660e0692c6635e4eb https://git.kernel.org/stable/c/d0e877810baf613b018fd9747440b9d4d9db1428 https://git.kernel.org/stable/c/d3ff0c121bbaef026df6248ab7ef6f0b068b0647 https://git.kernel.org/stable/c/ea3ab43a1f3cf2c7cecd75c8be1ee99a5e94a92e

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-26T19:40:59.383Z

Updated: 2026-06-26T19:40:59.383Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53303

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-27T02:45:09Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object