SB20260625147 - Race condition in Linux kernel f2fs
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2026-53017)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause data loss.
The vulnerability exists due to a race condition in f2fs_need_inode_block_update() and nat_entry flag handling when performing fsync on a newly created file concurrently with a checkpoint operation. A local user can trigger concurrent file and checkpoint activity to cause data loss.
The issue occurs before any checkpoint has been written for the newly created file.
Remediation
Install update from vendor's website.