Skip to main content

Linux CVE-2026-53303

| EUVDEUVD-2026-39838 HIGH
Out-of-bounds Read (CWE-125)
2026-06-26 Linux GHSA-rw4v-j63g-mf75
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:38 vuln.today
CVSS changed
Jul 06, 2026 - 20:37 NVD
7.1 (HIGH)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:40 nvd
HIGH 7.1
CVE Published
Jun 26, 2026 - 19:40 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data.

Fix this by holding sb_lock around the entire extension list read and format operation.

AnalysisAI

Out-of-bounds read (CWE-125) in the Linux kernel F2FS filesystem lets a local user trigger inconsistent access to the mount extension list by racing a sysfs read against a concurrent update. The f2fs_sbi_show() handler reads extension_list, extension_count and hot_ext_count without holding sbi->sb_lock, so a simultaneous f2fs_update_extension_list() store can yield a mismatched count/array pair and drive an out-of-bounds read that leaks stale kernel data or crashes the system. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify F2FS deployment across Linux systems (commands: grep f2fs /proc/filesystems; uname -r to identify kernel version on each host). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53303 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy