Race condition in Linux kernel - CVE-2026-53017

 


Published: June 25, 2026


Vulnerability identifier: #VU135332
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53017
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause data loss.

The vulnerability exists due to a race condition in f2fs_need_inode_block_update() and nat_entry flag handling when performing fsync on a newly created file concurrently with a checkpoint operation. A local user can trigger concurrent file and checkpoint activity to cause data loss.

The issue occurs before any checkpoint has been written for the newly created file.


How to mitigate CVE-2026-53017

Install the security update from the vendor's repository.
