CVE-2026-53303 is a vulnerability in Linux Kernel
Published on June 26, 2026
f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
In the Linux kernel, the following vulnerability has been resolved:
f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
In f2fs_sbi_show(), the extension_list, extension_count and
hot_ext_count are read without holding sbi->sb_lock. If a concurrent
sysfs store modifies the extension list via f2fs_update_extension_list(),
the show path may read inconsistent count and array contents, potentially
leading to out-of-bounds access or displaying stale data.
Fix this by holding sb_lock around the entire extension list read
and format operation.
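The locking pattern the fix describes, as an added userspace model (not the kernel patch and not code from this page): a pthread mutex stands in for sbi->sb_lock, and the model_* names, array sizes and output format are assumptions made for illustration. The range check on the counts is an extra defensive step of this example, not something the description above claims the fix adds.

```c
/* Added userspace model: a pthread mutex stands in for sbi->sb_lock. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#define EXT_LEN 8 /* constructed sizes, not the f2fs on-disk values */
#define MAX_EXT 4
struct model_sb {
    pthread_mutex_t sb_lock;
    char extension_list[MAX_EXT][EXT_LEN];
    int extension_count; /* cold entries occupy [0, extension_count) */
    int hot_ext_count;   /* hot entries follow the cold ones */
};
void model_init(struct model_sb *sb)
{
    memset(sb, 0, sizeof(*sb));
    pthread_mutex_init(&sb->sb_lock, NULL);
}

/* Store path: array slot and count change together under the lock. */
int model_add_hot_ext(struct model_sb *sb, const char *name)
{
    int ret = -1;
    pthread_mutex_lock(&sb->sb_lock);
    int total = sb->extension_count + sb->hot_ext_count;
    if (total >= 0 && total < MAX_EXT && strlen(name) < EXT_LEN) {
        strcpy(sb->extension_list[total], name);
        sb->hot_ext_count++;
        ret = 0;
    }
    pthread_mutex_unlock(&sb->sb_lock);
    return ret;
}

/* Show path: the lock covers the count reads and the whole format loop.
 * The range check on the counts is an extra of this example. */
int model_show(struct model_sb *sb, char *buf, size_t size)
{
    int len = 0, ret = -1;
    pthread_mutex_lock(&sb->sb_lock);
    int cold = sb->extension_count, hot = sb->hot_ext_count;
    if (cold >= 0 && hot >= 0 && cold <= MAX_EXT && hot <= MAX_EXT - cold) {
        for (int i = 0; i < cold + hot && (size_t)len < size; i++)
            len += snprintf(buf + len, size - len, "%s:%.*s\n",
                            i < cold ? "cold" : "hot", EXT_LEN, sb->extension_list[i]);
        ret = (size && (size_t)len >= size) ? (int)size - 1 : len;
    }
    pthread_mutex_unlock(&sb->sb_lock);
    return ret;
}
```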
Affected Versions
Linux:
- Version b6a06cbbb5f7fd03589cff9178314af04c568826 and below d3ff0c121bbaef026df6248ab7ef6f0b068b0647 is affected.
- Version b6a06cbbb5f7fd03589cff9178314af04c568826 and below cea15f66b7b68b2c50943a6660e0692c6635e4eb is affected.
- Version b6a06cbbb5f7fd03589cff9178314af04c568826 and below 4b3a1bf4c2ffd4c9595d900ead78c9035894a025 is affected.
- Version b6a06cbbb5f7fd03589cff9178314af04c568826 and below d0e877810baf613b018fd9747440b9d4d9db1428 is affected.
- Version b6a06cbbb5f7fd03589cff9178314af04c568826 and below ea3ab43a1f3cf2c7cecd75c8be1ee99a5e94a92e is affected.
- Version b6a06cbbb5f7fd03589cff9178314af04c568826 and below 5909bedbed38c558bee7cb6758ceedf9bc3a9194 is affected.
- Version 4.17 is affected.
- Before 4.17 is unaffected.
- Version 6.1.175, <= 6.1.* is unaffected.
- Version 6.6.141, <= 6.6.* is unaffected.
- Version 6.12.91, <= 6.12.* is unaffected.
- Version 6.18.33, <= 6.18.* is unaffected.
- Version 7.0.10, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.