Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix data loss caused by incorrect use of nat_entry flag

Data loss can occur when fsync is performed on a newly created file
(before any checkpoint has been written) concurrently with a checkpoint
operation. The scenario is as follows:

create & write & fsync 'file A' write checkpoint
- f2fs_do_sync_file // inline inode
- f2fs_write_inode // inode folio is dirty
- f2fs_write_checkpoint
- f2fs_flush_merged_writes
- f2fs_sync_node_pages
- f2fs_flush_nat_entries
- f2fs_fsync_node_pages // no dirty node
- f2fs_need_inode_block_update // return false
SPO and lost 'file A'

f2fs_flush_nat_entries() sets the IS_CHECKPOINTED and HAS_LAST_FSYNC
flags for the nat_entry, but this does not mean that the checkpoint has
actually completed successfully. However, f2fs_need_inode_block_update()
checks these flags and incorrectly assumes that the checkpoint has
finished.

The root cause is that the semantics of IS_CHECKPOINTED and
HAS_LAST_FSYNC are only guaranteed after the checkpoint write fully
completes.

This patch modifies f2fs_need_inode_block_update() to acquire the
sbi->node_write lock before reading the nat_entry flags, ensuring that
once IS_CHECKPOINTED and HAS_LAST_FSYNC are observed to be set, the
checkpoint operation has already completed.
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition exists in the Linux f2fs file system that can cause newly created files to be lost when an fsync operation is performed concurrently with a checkpoint operation. The flaw arises because the monitoring code checks nat_entry flags that are set before the checkpoint actually finishes, falsely assuming completion and discarding data. The result is loss of file data and corruption of data integrity for any user on the affected system.

Affected Systems

All installations of the Linux kernel that use the f2fs file system are impacted. The exact kernel version range is not specified in the advisory, but any system running f2fs before the patch to f2fs_need_inode_block_update() is vulnerable.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low overall exploitation probability. Attackers would need local or privileged access, as creating a file and triggering fsync during a checkpoint is required. The vulnerability does not provide code execution or privilege escalation, so the primary risk is data loss for users who rely on f2fs.

Generated by OpenCVE AI on June 27, 2026 at 03:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the f2fs bug fix, ensuring f2fs_need_inode_block_update() acquires the node_write lock when reading nat_entry flags.
  • Reboot the system to load the updated kernel and activate the patched logic.
  • After updating, perform test file creations, writes, and fsync operations during normal operation to confirm data integrity is preserved.

Generated by OpenCVE AI on June 27, 2026 at 03:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Sat, 27 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: f2fs: fix data loss caused by incorrect use of nat_entry flag Data loss can occur when fsync is performed on a newly created file (before any checkpoint has been written) concurrently with a checkpoint operation. The scenario is as follows: create & write & fsync 'file A' write checkpoint - f2fs_do_sync_file // inline inode - f2fs_write_inode // inode folio is dirty - f2fs_write_checkpoint - f2fs_flush_merged_writes - f2fs_sync_node_pages - f2fs_flush_nat_entries - f2fs_fsync_node_pages // no dirty node - f2fs_need_inode_block_update // return false SPO and lost 'file A' f2fs_flush_nat_entries() sets the IS_CHECKPOINTED and HAS_LAST_FSYNC flags for the nat_entry, but this does not mean that the checkpoint has actually completed successfully. However, f2fs_need_inode_block_update() checks these flags and incorrectly assumes that the checkpoint has finished. The root cause is that the semantics of IS_CHECKPOINTED and HAS_LAST_FSYNC are only guaranteed after the checkpoint write fully completes. This patch modifies f2fs_need_inode_block_update() to acquire the sbi->node_write lock before reading the nat_entry flags, ensuring that once IS_CHECKPOINTED and HAS_LAST_FSYNC are observed to be set, the checkpoint operation has already completed.
Title f2fs: fix data loss caused by incorrect use of nat_entry flag
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:27.154Z

Reserved: 2026-06-09T07:44:35.378Z

Link: CVE-2026-53017

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53017 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T03:30:10Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition