CVE-2026-53015

Source
https://cve.org/CVERecord?id=CVE-2026-53015
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53015.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53015
Downstream
Published
2026-06-24T16:29:25.396Z
Modified
2026-07-08T08:13:43.839297101Z
Summary
erofs: unify lcn as u64 for 32-bit platforms
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: unify lcn as u64 for 32-bit platforms

As sashiko reported [1], lcn was typed as unsigned long (or unsigned int sometimes), which is only 32 bits wide on 32-bit platforms, which causes (lcn << lclusterbits) to be truncated at 4 GiB.

In order to consolidate the logic, just use u64 consistently around the codebase.

[1] https://sashiko.dev/r/20260420034612.1899973-1-hsiangkao%40linux.alibaba.com

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53015.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
152a333a589560bee002e4c96761f1b560a5793c
Fixed
4fc9b12e43a3f19a01a8fb61f7961be79de20253
Fixed
858e4d98a86adf34584767388deb6c9b217f70c5
Fixed
582b0bf201157632cb5474c885989a6ebda46521
Fixed
2d8c7edcb661812249469f4a5b62e9339118846f

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53015.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53015.json"