CVE-2026-53027

Published: June 24, 2026 · Updated: Jun 24, 2026

EPSS: 0.15% probability of exploitation in 30 days · Percentile: 5.0th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()

When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this case, vcn and vcn0 may reside in different attribute segments.

The code already handles the case where vcn is in a different segment by loading its runs before allocation. However, it fails to load runs for vcn0 when vcn0 resides in a different segment than vcn. This causes run_lookup_entry() to return SPARSE_LCN for vcn0 since its segment was never loaded into the in-memory run list, triggering the WARN_ON(1).

Fix this by adding a missing check for vcn0 after the existing vcn segment check. If vcn0 falls outside the current segment range [svcn, evcn1), find and load the attribute segment containing vcn0 before performing the run lookup.

The following scenario triggers the bug:

attr_data_get_block_locked()
    vcn = vcn0 & cmask          <- vcn != vcn0 after frame alignment
    load runs for vcn segment   <- vcn0 segment not loaded!
    attr_allocate_clusters()    <- allocation succeeds
    run_lookup_entry(vcn0)      <- vcn0 not in run -> SPARSE_LCN
    WARN_ON(1)                  <- bug fires here!

NVD Source
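
The failure described above can be reproduced in a small user-space model. This is an added example, not the kernel's code or the upstream patch. The segment layout, the frame size, the LCN values and the model_* and seg_of names are constructed for illustration, and the cluster allocation step is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SPARSE_LCN UINT64_MAX /* model's marker for "no cluster mapped" */
#define NSEG 2
/* Constructed layout: two attribute segments [svcn, evcn1). The boundary
 * (VCN 20) falls inside the 16-cluster frame that starts at VCN 16. */
struct seg { uint64_t svcn, evcn1, lcn_base; };
static const struct seg segs[NSEG] = { { 0, 20, 1000 }, { 20, 40, 5000 } };
/* In-memory run list, reduced to "which segments have been loaded". */
struct runs { bool loaded[NSEG]; };

static int seg_of(uint64_t vcn)
{
    for (int i = 0; i < NSEG; i++)
        if (vcn >= segs[i].svcn && vcn < segs[i].evcn1)
            return i;
    return -1;
}

/* Lookup sees only loaded segments; anything else looks sparse. */
static uint64_t model_lookup(const struct runs *r, uint64_t vcn)
{
    int i = seg_of(vcn);
    if (i < 0 || !r->loaded[i])
        return SPARSE_LCN;
    return segs[i].lcn_base + (vcn - segs[i].svcn);
}

/* Flow from the description; with_fix adds the vcn0 range check. */
uint64_t model_get_block(uint64_t vcn0, uint64_t cmask, bool with_fix)
{
    struct runs r = { { false } };
    uint64_t vcn = vcn0 & cmask;  /* round down to frame start */
    int s = seg_of(vcn);
    if (s < 0) return SPARSE_LCN;
    r.loaded[s] = true;           /* existing step: load vcn's segment */
    if (with_fix && (vcn0 < segs[s].svcn || vcn0 >= segs[s].evcn1)) {
        int s0 = seg_of(vcn0);    /* added step: load vcn0's segment */
        if (s0 >= 0) r.loaded[s0] = true;
    }
    return model_lookup(&r, vcn0);
}

int main(void)
{
    uint64_t m = ~(uint64_t)15;   /* 16-cluster frames (constructed) */
    printf("unpatched sparse=%d, patched lcn=%llu\n", model_get_block(21, m, false) == SPARSE_LCN, (unsigned long long)model_get_block(21, m, true));
}
```

With vcn0 = 21 the frame start is vcn = 16, which lies in the first segment, so only the variant with the extra range check resolves vcn0 to a mapped cluster.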

Technical Analysis

CVE-2026-53027 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

All References (2)

Quick Facts

CVE ID: CVE-2026-53027
Severity: NONE
CISA KEV: No
EPSS (30d): 0.15%
Published: Jun 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53027 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.