{"cve":{"cve_id":"CVE-2026-53018","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid reading already updated pages during GC\n\nWe found the following issue during fuzz testing:\n\npage: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9\nmemcg:f8ffff800e269c00\naops:f2fs_meta_aops ino:2\nflags: 0x52880000000080a9(locked|waiters|uptodate|lru|private|zone=1|kasantag=0x4a)\nraw: 52880000000080a9 fffffffec6e17588 fffffffec0ccc088 a7ffff8067063618\nraw: 000000000018b2dc 0000000000000009 00000003ffffffff f8ffff800e269c00\npage dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio))\npage_owner tracks the page as allocated\n post_alloc_hook+0x58c/0x5ec\n prep_new_page+0x34/0x284\n get_page_from_freelist+0x2dcc/0x2e8c\n __alloc_pages_noprof+0x280/0x76c\n __folio_alloc_noprof+0x18/0xac\n __filemap_get_folio+0x6bc/0xdc4\n pagecache_get_page+0x3c/0x104\n do_garbage_collect+0x5c78/0x77a4\n f2fs_gc+0xd74/0x25f0\n gc_thread_func+0xb28/0x2930\n kthread+0x464/0x5d8\n ret_from_fork+0x10/0x20\n------------[ cut here ]------------\nkernel BUG at mm/filemap.c:1563!\n folio_end_read+0x140/0x168\n f2fs_finish_read_bio+0x5c4/0xb80\n f2fs_read_end_io+0x64c/0x708\n bio_endio+0x85c/0x8c0\n blk_update_request+0x690/0x127c\n scsi_end_request+0x9c/0xb8c\n scsi_io_completion+0xf0/0x250\n scsi_finish_command+0x430/0x45c\n scsi_complete+0x178/0x6d4\n blk_mq_complete_request+0xcc/0x104\n scsi_done_internal+0x214/0x454\n scsi_done+0x24/0x34\n\nwhich is similar to the problem reported by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=3686758660f980b402dc\n\nThis case is consistent with the description in commit 9bf1a3f\n(\"f2fs: avoid GC causing encrypted file corrupted\"):\nPage 1 is moved from blkaddr A to blkaddr B by move_data_block, and after\nbeing written it is marked as uptodate. Then, Page 1 is moved from blkaddr\nB to blkaddr C, VM_BUG_ON_FOLIO was triggered in the endio initiated by\nra_data_block.\n\nThere is no need to read Page 1 again from blkaddr B, since it has already\nbeen updated. Therefore, avoid initiating I/O in this case.","published_at":"2026-06-24T16:29:28.051000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/4623c251496b99c530ce225c05334f4eac8b933a","https://git.kernel.org/stable/c/b663ebb8a340eae5442e605b6acd2cff5677f016","https://git.kernel.org/stable/c/570e2ccc7cb35fe720106964e65060602d3d2ac4"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:22.518073Z","updated_at":"2026-06-28T23:30:49.890169Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6aa58d8ad20a3323f42274c25820a6f54192422d","version_start_inclusive":true,"version_end":"4623c251496b99c530ce225c05334f4eac8b933a","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:6aa58d8ad20a3323f42274c25820a6f54192422d:4623c251496b99c530ce225c05334f4eac8b933a"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6aa58d8ad20a3323f42274c25820a6f54192422d","version_start_inclusive":true,"version_end":"b663ebb8a340eae5442e605b6acd2cff5677f016","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:6aa58d8ad20a3323f42274c25820a6f54192422d:b663ebb8a340eae5442e605b6acd2cff5677f016"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6aa58d8ad20a3323f42274c25820a6f54192422d","version_start_inclusive":true,"version_end":"570e2ccc7cb35fe720106964e65060602d3d2ac4","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:6aa58d8ad20a3323f42274c25820a6f54192422d:570e2ccc7cb35fe720106964e65060602d3d2ac4"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"4.19","version_start_inclusive":true,"version_end":"4.19","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:4.19:4.19"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"4.19","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:4.19"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.33","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.33:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.10","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.10:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/4623c251496b99c530ce225c05334f4eac8b933a","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b663ebb8a340eae5442e605b6acd2cff5677f016","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/570e2ccc7cb35fe720106964e65060602d3d2ac4","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-24T16:29:28.051000Z","label":"CVE published","source":null}]}