Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-53320

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
26/06/2026
Última modificación:
30/06/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()<br /> <br /> nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks<br /> by comparing it with the current block number bd_blocknr. If they differ,<br /> the block is considered dead and skipped.<br /> <br /> However, bd_oblocknr should never be 0 since block 0 typically stores the<br /> primary superblock and is never a valid GC target block. A corrupted ioctl<br /> request with bd_oblocknr set to 0 causes the comparison to incorrectly<br /> match when the lookup returns -ENOENT and sets bd_blocknr to 0, bypassing<br /> the dead block check and calling nilfs_bmap_mark() on a non-existent<br /> block. This causes nilfs_btree_do_lookup() to return -ENOENT, triggering<br /> the WARN_ON(ret == -ENOENT).<br /> <br /> Fix this by rejecting ioctl requests with bd_oblocknr set to 0 at the<br /> beginning of each iteration.<br /> <br /> [ryusuke: slightly modified the commit message and comments for accuracy]

Impacto