CVE-2026-53303
f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.
INFO
Published Date :
June 26, 2026, 7:40 p.m.
Last Modified :
June 26, 2026, 7:40 p.m.
Remotely Exploit :
No
Source :
Linux
Affected Products
The following products are affected by CVE-2026-53303
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Hold sb_lock around extension list reads in f2fs_sbi_show().
- Ensure consistent data access during sysfs store operations.
- Update the Linux kernel to the latest resolved version.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-53303 vulnerability anywhere in the article.