{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53027","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.379Z","datePublished":"2026-06-24T16:29:35.740Z","dateUpdated":"2026-06-24T16:29:35.740Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-24T16:29:35.740Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()\n\nWhen a compressed or sparse attribute has its clusters frame-aligned,\nvcn is rounded down to the frame start using cmask, which can result\nin vcn != vcn0. In this case, vcn and vcn0 may reside in different\nattribute segments.\n\nThe code already handles the case where vcn is in a different segment\nby loading its runs before allocation. However, it fails to load runs\nfor vcn0 when vcn0 resides in a different segment than vcn. This causes\nrun_lookup_entry() to return SPARSE_LCN for vcn0 since its segment was\nnever loaded into the in-memory run list, triggering the WARN_ON(1).\n\nFix this by adding a missing check for vcn0 after the existing vcn\nsegment check. If vcn0 falls outside the current segment range\n[svcn, evcn1), find and load the attribute segment containing vcn0\nbefore performing the run lookup.\n\nThe following scenario triggers the bug:\n  attr_data_get_block_locked()\n    vcn = vcn0 & cmask        <- vcn != vcn0 after frame alignment\n    load runs for vcn segment <- vcn0 segment not loaded!\n    attr_allocate_clusters()  <- allocation succeeds\n    run_lookup_entry(vcn0)    <- vcn0 not in run -> SPARSE_LCN\n    WARN_ON(1)                <- bug fires here!"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ntfs3/attrib.c"],"versions":[{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54","status":"affected","versionType":"git"},{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"d7ea8495fd307b58f8867acd81a1b40075b1d3ba","status":"affected","versionType":"git"},{"version":"406a037d93b769bca248476bd14bbe548dc1ec35","status":"affected","versionType":"git"},{"version":"6.1.132","lessThan":"6.2","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ntfs3/attrib.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.132"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54"},{"url":"https://git.kernel.org/stable/c/d7ea8495fd307b58f8867acd81a1b40075b1d3ba"}],"title":"fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()","x_generator":{"engine":"bippy-1.2.0"}}}}