Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

In f2fs_sbi_show(), the extension_list, extension_count and
hot_ext_count are read without holding sbi->sb_lock. If a concurrent
sysfs store modifies the extension list via f2fs_update_extension_list(),
the show path may read inconsistent count and array contents, potentially
leading to out-of-bounds access or displaying stale data.

Fix this by holding sb_lock around the entire extension list read
and format operation.
Published: 2026-06-26
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the f2fs file system's f2fs_sbi_show() function retrieves the extension list, extension count, and hot extension count without holding the sb_lock. Based on the description, it is inferred that a concurrent write through f2fs_update_extension_list() can leave these values inconsistent, leading to an out‑of‑bounds read or the display of stale data. This unsynchronized access can expose kernel memory contents or cause a kernel crash.

Affected Systems

Any system that runs the Linux kernel with the f2fs filesystem and has not yet received the patch that surrounds the extension list read with sb_lock is affected. The vulnerability applies to upstream kernel versions before the fix and to all downstream distributions that ship the same code base, regardless of distribution name.

Risk and Exploitability

The EPSS score is <1%, indicating a very low probability of exploitation, yet the vulnerability can be leveraged by a local user with write permission to the f2fs sysfs extension list interface. The likely attack vector is a local privileged or root process that writes to the interface, which may trigger an out‑of‑bounds read or kernel crash. The potential impact is information disclosure or denial of service. This vulnerability is not listed in CISA KEV, suggesting no known widespread exploitation.

Generated by OpenCVE AI on June 29, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest kernel release that includes the sb_lock protection in f2fs_sbi_show()
  • Reboot the system after the kernel upgrade to activate the patched code
  • Restrict write access to the f2fs sysfs extension list interface to privileged users only until the patch is applied

Generated by OpenCVE AI on June 29, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Mon, 29 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-363

Mon, 29 Jun 2026 12:15:00 +0000


Fri, 26 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-363

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.
Title f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:59.383Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53303

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53303 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T16:30:17Z

Weaknesses
  • CWE-366

    Race Condition within a Thread