CVE-2026-53303

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()<br /> <br /> In f2fs_sbi_show(), the extension_list, extension_count and<br /> hot_ext_count are read without holding sbi-&gt;sb_lock. If a concurrent<br /> sysfs store modifies the extension list via f2fs_update_extension_list(),<br /> the show path may read inconsistent count and array contents, potentially<br /> leading to out-of-bounds access or displaying stale data.<br /> <br /> Fix this by holding sb_lock around the entire extension list read<br /> and format operation.

Impact