{"id":"CVE-2026-53017","summary":"f2fs: fix data loss caused by incorrect use of nat_entry flag","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix data loss caused by incorrect use of nat_entry flag\n\nData loss can occur when fsync is performed on a newly created file\n(before any checkpoint has been written) concurrently with a checkpoint\noperation. The scenario is as follows:\n\ncreate & write & fsync 'file A'                 write checkpoint\n- f2fs_do_sync_file // inline inode\n - f2fs_write_inode // inode folio is dirty\n                                                - f2fs_write_checkpoint\n                                                 - f2fs_flush_merged_writes\n                                                 - f2fs_sync_node_pages\n                                                 - f2fs_flush_nat_entries\n - f2fs_fsync_node_pages // no dirty node\n - f2fs_need_inode_block_update // return false\n SPO and lost 'file A'\n\nf2fs_flush_nat_entries() sets the IS_CHECKPOINTED and HAS_LAST_FSYNC\nflags for the nat_entry, but this does not mean that the checkpoint has\nactually completed successfully. However, f2fs_need_inode_block_update()\nchecks these flags and incorrectly assumes that the checkpoint has\nfinished.\n\nThe root cause is that the semantics of IS_CHECKPOINTED and\nHAS_LAST_FSYNC are only guaranteed after the checkpoint write fully\ncompletes.\n\nThis patch modifies f2fs_need_inode_block_update() to acquire the\nsbi-\u003enode_write lock before reading the nat_entry flags, ensuring that\nonce IS_CHECKPOINTED and HAS_LAST_FSYNC are observed to be set, the\ncheckpoint operation has already completed.","modified":"2026-07-12T03:54:54.469282786Z","published":"2026-06-24T16:29:27.154Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53017.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/20cedb4d9f6b230d0ee469690b8f868f06a07c29"},{"type":"WEB","url":"https://git.kernel.org/stable/c/238e14eb7226f883b72caccd2d37bf5707df066b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53017.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53017"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e05df3b115e7308afbca652769b54e4549fcc723"},{"fixed":"20cedb4d9f6b230d0ee469690b8f868f06a07c29"},{"fixed":"238e14eb7226f883b72caccd2d37bf5707df066b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53017.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.8.0"},{"fixed":"7.0.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53017.json"}}],"schema_version":"1.7.5"}