SB20260625147 - Race condition in Linux kernel f2fs




Published: June 25, 2026

Security Bulletin ID: SB20260625147
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2026-53017)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause data loss.

The vulnerability exists due to a race condition in f2fs_need_inode_block_update() and nat_entry flag handling when performing fsync on a newly created file concurrently with a checkpoint operation. A local user can trigger concurrent file and checkpoint activity to cause data loss.

The issue occurs before any checkpoint has been written for the newly created file.


Remediation

Install the update from the vendor's website.