{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53017","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.378Z","datePublished":"2026-06-24T16:29:27.154Z","dateUpdated":"2026-06-24T16:29:27.154Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-24T16:29:27.154Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix data loss caused by incorrect use of nat_entry flag\n\nData loss can occur when fsync is performed on a newly created file\n(before any checkpoint has been written) concurrently with a checkpoint\noperation. The scenario is as follows:\n\ncreate & write & fsync 'file A'                 write checkpoint\n- f2fs_do_sync_file // inline inode\n - f2fs_write_inode // inode folio is dirty\n                                                - f2fs_write_checkpoint\n                                                 - f2fs_flush_merged_writes\n                                                 - f2fs_sync_node_pages\n                                                 - f2fs_flush_nat_entries\n - f2fs_fsync_node_pages // no dirty node\n - f2fs_need_inode_block_update // return false\n SPO and lost 'file A'\n\nf2fs_flush_nat_entries() sets the IS_CHECKPOINTED and HAS_LAST_FSYNC\nflags for the nat_entry, but this does not mean that the checkpoint has\nactually completed successfully. However, f2fs_need_inode_block_update()\nchecks these flags and incorrectly assumes that the checkpoint has\nfinished.\n\nThe root cause is that the semantics of IS_CHECKPOINTED and\nHAS_LAST_FSYNC are only guaranteed after the checkpoint write fully\ncompletes.\n\nThis patch modifies f2fs_need_inode_block_update() to acquire the\nsbi->node_write lock before reading the nat_entry flags, ensuring that\nonce IS_CHECKPOINTED and HAS_LAST_FSYNC are observed to be set, the\ncheckpoint operation has already completed."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/node.c"],"versions":[{"version":"e05df3b115e7308afbca652769b54e4549fcc723","lessThan":"20cedb4d9f6b230d0ee469690b8f868f06a07c29","status":"affected","versionType":"git"},{"version":"e05df3b115e7308afbca652769b54e4549fcc723","lessThan":"238e14eb7226f883b72caccd2d37bf5707df066b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/node.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/20cedb4d9f6b230d0ee469690b8f868f06a07c29"},{"url":"https://git.kernel.org/stable/c/238e14eb7226f883b72caccd2d37bf5707df066b"}],"title":"f2fs: fix data loss caused by incorrect use of nat_entry flag","x_generator":{"engine":"bippy-1.2.0"}}}}