CVE-2026-53018
Received - Intake
F2FS File System Memory Corruption in Garbage Collection

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: avoid reading already updated pages during GC

We found the following issue during fuzz testing:

  page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9
  memcg:f8ffff800e269c00
  aops:f2fs_meta_aops ino:2
  flags: 0x52880000000080a9(locked|waiters|uptodate|lru|private|zone=1|kasantag=0x4a)
  raw: 52880000000080a9 fffffffec6e17588 fffffffec0ccc088 a7ffff8067063618
  raw: 000000000018b2dc 0000000000000009 00000003ffffffff f8ffff800e269c00
  page dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio))
  page_owner tracks the page as allocated
   post_alloc_hook+0x58c/0x5ec
   prep_new_page+0x34/0x284
   get_page_from_freelist+0x2dcc/0x2e8c
   __alloc_pages_noprof+0x280/0x76c
   __folio_alloc_noprof+0x18/0xac
   __filemap_get_folio+0x6bc/0xdc4
   pagecache_get_page+0x3c/0x104
   do_garbage_collect+0x5c78/0x77a4
   f2fs_gc+0xd74/0x25f0
   gc_thread_func+0xb28/0x2930
   kthread+0x464/0x5d8
   ret_from_fork+0x10/0x20
  ------------[ cut here ]------------
  kernel BUG at mm/filemap.c:1563!
   folio_end_read+0x140/0x168
   f2fs_finish_read_bio+0x5c4/0xb80
   f2fs_read_end_io+0x64c/0x708
   bio_endio+0x85c/0x8c0
   blk_update_request+0x690/0x127c
   scsi_end_request+0x9c/0xb8c
   scsi_io_completion+0xf0/0x250
   scsi_finish_command+0x430/0x45c
   scsi_complete+0x178/0x6d4
   blk_mq_complete_request+0xcc/0x104
   scsi_done_internal+0x214/0x454
   scsi_done+0x24/0x34

which is similar to the problem reported by syzbot:
https://syzkaller.appspot.com/bug?extid=3686758660f980b402dc

This case is consistent with the description in commit 9bf1a3f ("f2fs: avoid GC causing encrypted file corrupted"):

Page 1 is moved from blkaddr A to blkaddr B by move_data_block, and after being written it is marked as uptodate. Then, Page 1 is moved from blkaddr B to blkaddr C, VM_BUG_ON_FOLIO was triggered in the endio initiated by ra_data_block.

There is no need to read Page 1 again from blkaddr B, since it has already been updated. Therefore, avoid initiating I/O in this case.
Meta Information
  Published: 2026-06-24
  Last Modified: 2026-06-24
  Generated: 2026-06-25
  AI Q&A: 2026-06-24
  EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

  Vendor        Product  Version / Range
  linux_kernel  f2fs     *
  linux         kernel   to 9bf1a3f (inc)
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's f2fs filesystem during garbage collection (GC). GC issues a read for a page that has already been moved, written, and marked up-to-date. Because the page is already up-to-date, the read is unnecessary, and when it completes the kernel trips a VM_BUG_ON_FOLIO assertion. The root cause is that I/O is initiated on a page that does not need to be read again, leading to potential corruption or crashes.

Impact Analysis

This vulnerability can cause kernel crashes or bugs during filesystem garbage collection, potentially leading to system instability or data corruption. Since it involves the f2fs filesystem, users relying on this filesystem may experience unexpected crashes or corrupted files, especially during intensive file operations or garbage collection processes.

Detection Guidance

This vulnerability manifests as a kernel BUG triggered in the Linux kernel's f2fs filesystem during garbage collection, specifically related to reading already updated pages. Detection would involve monitoring kernel logs for messages similar to the following:

  • kernel BUG at mm/filemap.c:1563!
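  • page dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio)), with f2fs garbage collection functions (do_garbage_collect, f2fs_gc, gc_thread_func) in the accompanying trace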

To detect this on your system, you can check the kernel logs using commands such as:

  • dmesg | grep -i 'kernel BUG'
  • journalctl -k | grep -i 'f2fs'
  • grep -r 'VM_BUG_ON_FOLIO' /var/log/

Additionally, fuzz testing or stress testing the f2fs filesystem might reproduce the issue, but this requires advanced setup.
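
The greps above match any kernel BUG or any f2fs message. As an added example (not code from the advisory or the kernel project), the following shell function correlates the assertion with the f2fs read-completion frames from the trace in the description, and ignores the source line number because it changes between kernel builds. The function names, verdict strings and sample log lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify kernel log text on stdin.
# Prints a verdict; exit status is 0 only when the f2fs signature matches.
f2fs_gc_bug_scan() {
    awk '
        # Assertion named in the folio dump printed just before the BUG.
        /VM_BUG_ON_FOLIO\(folio_test_uptodate\(folio\)\)/   { hit = 1 }
        # Line numbers differ between kernel builds, so match the file only.
        /kernel BUG at mm\/filemap\.c:[0-9]+!/              { hit = 1 }
        # Read completion reached from the f2fs bio end_io path.
        /folio_end_read[+]0x/                                { end_read = 1 }
        /f2fs_(finish_read_bio|read_end_io)[+]0x/            { f2fs_io = 1 }
        # GC frames from the page_owner allocation trace.
        /(do_garbage_collect|f2fs_gc|gc_thread_func)[+]0x/   { gc = 1 }
        END {
            if (hit && end_read && f2fs_io) { print (gc ? "match-gc" : "match"); exit 0 }
            if (hit) { print "other-bug"; exit 2 }
            print "clean"; exit 1
        }'
}

# Constructed sample: abridged from the trace in the description, timestamps invented.
sample_cve_log() {
    cat <<'EOF'
[  812.104211] page dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio))
[  812.104230]  do_garbage_collect+0x5c78/0x77a4
[  812.104236]  f2fs_gc+0xd74/0x25f0
[  812.104301] kernel BUG at mm/filemap.c:1563!
[  812.104355]  folio_end_read+0x140/0x168
[  812.104361]  f2fs_finish_read_bio+0x5c4/0xb80
[  812.104367]  f2fs_read_end_io+0x64c/0x708
EOF
}

# Constructed sample: same BUG site, but no f2fs frames (offsets invented).
sample_other_log() {
    cat <<'EOF'
[  301.550102] kernel BUG at mm/filemap.c:1563!
[  301.550160]  folio_end_read+0x140/0x168
[  301.550166]  mpage_read_end_io+0x1a0/0x2c4
EOF
}

sample_cve_log | f2fs_gc_bug_scan   # prints: match-gc
```

On a host, pipe `dmesg` or `journalctl -k` output into `f2fs_gc_bug_scan`; an `other-bug` verdict means the same assertion fired without the f2fs frames and needs separate triage.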

Mitigation Strategies

The vulnerability has been resolved in the Linux kernel by avoiding reading already updated pages during garbage collection in the f2fs filesystem.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • Avoid using affected versions of the f2fs filesystem kernel module until patched.
  • Monitor kernel logs for any signs of the bug to detect if the issue is occurring.

Since this is a kernel-level bug triggered during garbage collection in f2fs, applying the official patch or kernel update is the recommended and effective mitigation.
