CVE-2026-53017

Source
https://cve.org/CVERecord?id=CVE-2026-53017
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53017.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53017
Downstream
Published
2026-06-24T16:29:27.154Z
Modified
2026-07-12T03:54:54.469282786Z
Summary
f2fs: fix data loss caused by incorrect use of nat_entry flag
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix data loss caused by incorrect use of nat_entry flag

Data loss can occur when fsync is performed on a newly created file (before any checkpoint has been written) concurrently with a checkpoint operation. The scenario is as follows:

create & write & fsync 'file A' write checkpoint - f2fsdosyncfile // inline inode - f2fswriteinode // inode folio is dirty - f2fswritecheckpoint - f2fsflushmergedwrites - f2fssyncnodepages - f2fsflushnatentries - f2fsfsyncnodepages // no dirty node - f2fsneedinodeblock_update // return false SPO and lost 'file A'

f2fsflushnatentries() sets the ISCHECKPOINTED and HASLASTFSYNC flags for the natentry, but this does not mean that the checkpoint has actually completed successfully. However, f2fsneedinodeblock_update() checks these flags and incorrectly assumes that the checkpoint has finished.

The root cause is that the semantics of ISCHECKPOINTED and HASLAST_FSYNC are only guaranteed after the checkpoint write fully completes.

This patch modifies f2fsneedinodeblockupdate() to acquire the sbi->nodewrite lock before reading the natentry flags, ensuring that once ISCHECKPOINTED and HASLAST_FSYNC are observed to be set, the checkpoint operation has already completed.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53017.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e05df3b115e7308afbca652769b54e4549fcc723
Fixed
20cedb4d9f6b230d0ee469690b8f868f06a07c29
Fixed
238e14eb7226f883b72caccd2d37bf5707df066b

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53017.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53017.json"