Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

In f2fs_sbi_show(), the extension_list, extension_count and
hot_ext_count are read without holding sbi->sb_lock. If a concurrent
sysfs store modifies the extension list via f2fs_update_extension_list(),
the show path may read inconsistent count and array contents, potentially
leading to out-of-bounds access or displaying stale data.

Fix this by holding sb_lock around the entire extension list read
and format operation.
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the f2fs_sbi_show() routine reads critical data structures such as extension_list, extension_count, and hot_ext_count without holding the sb_lock. A concurrent modification via f2fs_update_extension_list() can produce an inconsistent state that may lead to an out-of-bounds read or stale data being displayed. The vulnerability is essentially an unsynchronized race condition that could expose kernel memory contents or trigger a crash due to an out-of-range access.
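The race described above, as a deterministic single-threaded user-space model in C. This is an added example, not code from the kernel or from the fix: `sbi_model`, `racing_store`, `show_exts`, `demo`, the array sizes and the try-lock standing in for `sb_lock` are all assumptions, and the concurrent store is injected at the point between the count read and the array walk.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
enum { MAX_EXT = 8, EXT_LEN = 8 };  /* user-space model, not kernel code; sizes assumed */
struct sbi_model {
    atomic_flag sb_lock;                    /* minimal stand-in for sbi->sb_lock */
    char extension_list[MAX_EXT][EXT_LEN];
    int extension_count;
};

/* Stand-in for a concurrent sysfs store: replaces the list with one entry.
 * It only tries the lock; while the show path holds it, the store must wait. */
static void racing_store(struct sbi_model *s)
{
    if (atomic_flag_test_and_set(&s->sb_lock))
        return;
    memset(s->extension_list, 0, sizeof(s->extension_list));
    strcpy(s->extension_list[0], "db");
    s->extension_count = 1;
    atomic_flag_clear(&s->sb_lock);
}

/* Show path: locked == 0 is the unguarded read, locked == 1 the fixed pattern. */
static int show_exts(struct sbi_model *s, int locked, char *buf, size_t len)
{
    int n = 0;
    while (locked && atomic_flag_test_and_set(&s->sb_lock))
        ;                                   /* hold sb_lock for the whole read */
    int cnt = s->extension_count;           /* count is sampled first ... */
    racing_store(s);                        /* ... a store arrives here ... */
    for (int i = 0; i < cnt && (size_t)n < len; i++)
        n += snprintf(buf + n, len - n, "%s\n", s->extension_list[i]);
    if (locked)
        atomic_flag_clear(&s->sb_lock);
    return n;
}

/* Constructed sample: three extensions, one show with a store racing it. */
static int demo(int locked, char *buf, size_t len)
{
    struct sbi_model s = { ATOMIC_FLAG_INIT, { "mp4", "jpg", "png" }, 3 };
    return show_exts(&s, locked, buf, len);
}
int main(void)
{
    char buf[64];
    for (int locked = 0; locked <= 1; locked++)
        printf("locked=%d, %d bytes:\n%s", locked, demo(locked, buf, sizeof buf), buf);
    return 0;
}
```

Without the lock, the output is `db` followed by two empty entries: the stale count of 3 is applied to the new one-entry list. With the lock held across the read and the formatting, the store waits and the original three entries are printed.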

Affected Systems

Any Linux kernel that includes the f2fs file system and has not been updated to the fix is affected. The description does not specify kernel version ranges, implying that every build prior to the patch containing the unguarded read is susceptible, including upstream releases and downstream distributions with the same code.

Risk and Exploitability

The CVSS score is not supplied, and the EPSS score is unavailable, so the quantitative severity and exploitation likelihood cannot be determined. The race requires a process that can write to the f2fs sysfs extension list interface; this normally implies local privileged or root access unless the interface is exposed to unprivileged users. The potential out-of-bounds read could expose sensitive kernel data or crash the kernel, i.e., cause a denial of service. The vulnerability is not listed in CISA KEV, suggesting no widespread exploitation has been observed yet.

Generated by OpenCVE AI on June 26, 2026 at 22:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the sb_lock protection in f2fs_sbi_show()
  • Reboot the system after the kernel update to activate the patched code
  • Modify the permissions of the f2fs sysfs extension list interface to restrict writes to privileged users only until the patch is applied

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 22:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-119, CWE-363

Fri, 26 Jun 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.
Title | | f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:59.383Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53303

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T22:45:05Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-363

    Race Condition Enabling Link Following