HOMEVULNERABILITIESCVE-2026-53018
NONE

CVE-2026-53018

Published: June 24, 2026· Updated: Jun 24, 2026

EPSS:0.17%probability of exploitation in 30 daysPercentile:6.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: avoid reading already updated pages during GC

We found the following issue during fuzz testing:

page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9

memcg:f8ffff800e269c00

aops:f2fs_meta_aops ino:2

flags: 0x52880000000080a9(locked|waiters|uptodate|lru|private|zone=1|kasantag=0x4a)

raw: 52880000000080a9 fffffffec6e17588 fffffffec0ccc088 a7ffff8067063618

raw: 000000000018b2dc 0000000000000009 00000003ffffffff f8ffff800e269c00

page dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio))

page_owner tracks the page as allocated

post_alloc_hook+0x58c/0x5ec

prep_new_page+0x34/0x284

get_page_from_freelist+0x2dcc/0x2e8c

__alloc_pages_noprof+0x280/0x76c

__folio_alloc_noprof+0x18/0xac

__filemap_get_folio+0x6bc/0xdc4

pagecache_get_page+0x3c/0x104

do_garbage_collect+0x5c78/0x77a4

f2fs_gc+0xd74/0x25f0

gc_thread_func+0xb28/0x2930

kthread+0x464/0x5d8

ret_from_fork+0x10/0x20

------------[ cut here ]------------

kernel BUG at mm/filemap.c:1563!

folio_end_read+0x140/0x168

f2fs_finish_read_bio+0x5c4/0xb80

f2fs_read_end_io+0x64c/0x708

bio_endio+0x85c/0x8c0

blk_update_request+0x690/0x127c

scsi_end_request+0x9c/0xb8c

scsi_io_completion+0xf0/0x250

scsi_finish_command+0x430/0x45c

scsi_complete+0x178/0x6d4

blk_mq_complete_request+0xcc/0x104

scsi_done_internal+0x214/0x454

scsi_done+0x24/0x34

which is similar to the problem reported by syzbot:

https://syzkaller.appspot.com/bug?extid=3686758660f980b402dc

This case is consistent with the description in commit 9bf1a3f

("f2fs: avoid GC causing encrypted file corrupted"):

Page 1 is moved from blkaddr A to blkaddr B by move_data_block, and after

being written it is marked as uptodate. Then, Page 1 is moved from blkaddr

B to blkaddr C, VM_BUG_ON_FOLIO was triggered in the endio initiated by

ra_data_block.

There is no need to read Page 1 again from blkaddr B, since it has already

been updated. Therefore, avoid initiating I/O in this case.

NVD Source

Technical Analysis

CVE-2026-53018 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-53018
SeverityNONE
CISA KEVNo
EPSS (30d)0.17%
PublishedJun 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53018 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.