CVE-2026-53017: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix data loss caused by incorrect use of nat_
Summary
A data loss vulnerability exists in the Linux kernel's f2fs (flash-friendly filesystem) when fsync (a command that forces data to be written to disk) is performed on a newly created file at the same time as a checkpoint (a periodic save of filesystem state) is running. The bug occurs because the system incorrectly assumes a checkpoint has finished based on certain flags (IS_CHECKPOINTED and HAS_LAST_FSYNC) before the checkpoint actually completes, causing the new file's data to be lost.
Solution / Mitigation
This patch modifies f2fs_need_inode_block_update() to acquire the sbi->node_write lock before reading the nat_entry flags, ensuring that once IS_CHECKPOINTED and HAS_LAST_FSYNC are observed to be set, the checkpoint operation has already completed.
Vulnerability Details
EPSS: 0.0%
June 24, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-53017
First tracked: June 24, 2026 at 02:02 PM
Classified by LLM (prompt v3) · confidence: 95%