Kernel Vulnerability in Linux Affecting File System Management
CVE-2026-53303

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 26 June 2026

What is CVE-2026-53303?

A vulnerability exists in the Linux kernel's f2fs file system in which extension_list, extension_count, and hot_ext_count can be read without holding the required synchronization lock. Because of this, the values can be modified concurrently during sysfs operations, potentially leading a reader to see inconsistent data or to perform out-of-bounds accesses. The fix holds sb_lock during extension list operations to ensure data integrity.

Affected Version(s)

Linux b6a06cbbb5f7fd03589cff9178314af04c568826

Linux b6a06cbbb5f7fd03589cff9178314af04c568826 < 4b3a1bf4c2ffd4c9595d900ead78c9035894a025

Timeline

  • Vulnerability published

  • Vulnerability Reserved
