0.0
NA
CVE-2026-53368
f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage
Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage f2fs_need_dentry_mark() reads nat_entry flags without mutual exclusion with the checkpoint path, which can result in an incorrect inode block marking state. The scenario is as follows: create & write & fsync 'file A' write checkpoint - f2fs_do_sync_file // inline inode - f2fs_write_inode // inode folio is dirty - f2fs_write_checkpoint - f2fs_flush_merged_writes - f2fs_sync_node_pages - f2fs_fsync_node_pages // no dirty node - f2fs_need_inode_block_update // return true - f2fs_fsync_node_pages // inode dirtied - f2fs_need_dentry_mark //return true - f2fs_flush_nat_entries - f2fs_write_checkpoint end - __write_node_folio // inode with DENT_BIT_SHIFT set SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set The state observed by f2fs_need_dentry_mark() can differ from the state observed in __write_node_folio() after acquiring sbi->node_write. The root cause is that the semantics of IS_CHECKPOINTED and HAS_FSYNCED_INODE are only guaranteed after the checkpoint write has fully completed. This patch moves set_dentry_mark() into __write_node_folio() and protects it with the sbi->node_write lock.

INFO

Published Date :

July 19, 2026, 9:17 a.m.

Last Modified :

July 19, 2026, 9:17 a.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2026-53368 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

Solution
Fix race condition in f2fs by protecting dentry mark updates with a lock.
  • Apply the provided patch to the Linux kernel.
  • Ensure sbi->node_write lock protects dentry mark updates.
  • Update the Linux kernel to a patched version.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-53368.

URL Resource
https://git.kernel.org/stable/c/019f9dda7f66e55eb94cd32e1d3fff5835f73fbc
https://git.kernel.org/stable/c/b28a83ea4934215b5de906c3ee4fbfbc651573e0
https://git.kernel.org/stable/c/bedb710b63ae1bd617e65d0a8cf6cea1200b3753
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-53368 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-53368 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-53368 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2026-53368 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 19, 2026

    Action Type Old Value New Value
    Added Affected [{'repo': 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git', 'vendor': 'Linux', 'product': 'Linux', 'versions': [{'status': 'affected', 'version': '88bd02c9472a166b706284a34a84f1243322d782', 'lessThan': 'bedb710b63ae1bd617e65d0a8cf6cea1200b3753', 'versionType': 'git'}, {'status': 'affected', 'version': '88bd02c9472a166b706284a34a84f1243322d782', 'lessThan': 'b28a83ea4934215b5de906c3ee4fbfbc651573e0', 'versionType': 'git'}, {'status': 'affected', 'version': '88bd02c9472a166b706284a34a84f1243322d782', 'lessThan': '019f9dda7f66e55eb94cd32e1d3fff5835f73fbc', 'versionType': 'git'}], 'programFiles': ['fs/f2fs/node.c'], 'defaultStatus': 'unaffected'}, {'repo': 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git', 'vendor': 'Linux', 'product': 'Linux', 'versions': [{'status': 'affected', 'version': '3.18'}, {'status': 'unaffected', 'version': '0', 'lessThan': '3.18', 'versionType': 'semver'}, {'status': 'unaffected', 'version': '6.18.30', 'versionType': 'semver', 'lessThanOrEqual': '6.18.*'}, {'status': 'unaffected', 'version': '7.0.7', 'versionType': 'semver', 'lessThanOrEqual': '7.0.*'}, {'status': 'unaffected', 'version': '7.1', 'versionType': 'original_commit_for_fix', 'lessThanOrEqual': '*'}], 'programFiles': ['fs/f2fs/node.c'], 'defaultStatus': 'affected'}]
    Added Description In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage f2fs_need_dentry_mark() reads nat_entry flags without mutual exclusion with the checkpoint path, which can result in an incorrect inode block marking state. The scenario is as follows: create & write & fsync 'file A' write checkpoint - f2fs_do_sync_file // inline inode - f2fs_write_inode // inode folio is dirty - f2fs_write_checkpoint - f2fs_flush_merged_writes - f2fs_sync_node_pages - f2fs_fsync_node_pages // no dirty node - f2fs_need_inode_block_update // return true - f2fs_fsync_node_pages // inode dirtied - f2fs_need_dentry_mark //return true - f2fs_flush_nat_entries - f2fs_write_checkpoint end - __write_node_folio // inode with DENT_BIT_SHIFT set SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set The state observed by f2fs_need_dentry_mark() can differ from the state observed in __write_node_folio() after acquiring sbi->node_write. The root cause is that the semantics of IS_CHECKPOINTED and HAS_FSYNCED_INODE are only guaranteed after the checkpoint write has fully completed. This patch moves set_dentry_mark() into __write_node_folio() and protects it with the sbi->node_write lock.
    Added Reference https://git.kernel.org/stable/c/019f9dda7f66e55eb94cd32e1d3fff5835f73fbc
    Added Reference https://git.kernel.org/stable/c/b28a83ea4934215b5de906c3ee4fbfbc651573e0
    Added Reference https://git.kernel.org/stable/c/bedb710b63ae1bd617e65d0a8cf6cea1200b3753
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.