CVE-2026-53368 – f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage

CVE ID :CVE-2026-53368

Published : July 19, 2026, 9:17 a.m. | 23 minutes ago

Description :In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage

f2fs_need_dentry_mark() reads nat_entry flags without mutual exclusion
with the checkpoint path, which can result in an incorrect inode block
marking state. The scenario is as follows:

create & write & fsync ‘file A’ write checkpoint
– f2fs_do_sync_file // inline inode
– f2fs_write_inode // inode folio is dirty
– f2fs_write_checkpoint
– f2fs_flush_merged_writes
– f2fs_sync_node_pages
– f2fs_fsync_node_pages // no dirty node
– f2fs_need_inode_block_update // return true
– f2fs_fsync_node_pages // inode dirtied
– f2fs_need_dentry_mark //return true
– f2fs_flush_nat_entries
– f2fs_write_checkpoint end
– __write_node_folio // inode with DENT_BIT_SHIFT set
SPO, “fsck –dry-run” find inode has already checkpointed but still
with DENT_BIT_SHIFT set

The state observed by f2fs_need_dentry_mark() can differ from the state
observed in __write_node_folio() after acquiring sbi->node_write. The
root cause is that the semantics of IS_CHECKPOINTED and
HAS_FSYNCED_INODE are only guaranteed after the checkpoint write has
fully completed.

This patch moves set_dentry_mark() into __write_node_folio() and
protects it with the sbi->node_write lock.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

آسیب‌پذیری‌های جدید و وصله‌های امنیتی به‌صورت مداوم منتشر می‌شوند و عدم بروزرسانی به‌موقع می‌تواند امنیت سرویس‌های حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرم‌افزارها، نصب Patchهای امنیتی و سخت‌سازی سرورها است.

خدمات مدیریت و امنیت سرور

نوشته های مشابه