CVE-2026-53018

NONECVSS 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: 0%CVSS: Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

f2fs: avoid reading already updated pages during GC

We found the following issue during fuzz testing:

page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fs_meta_aops ino:2 flags: 0x52880000000080a9(locked|waiters|uptodate|lru|private|zone=1|kasantag=0x4a) raw: 52880000000080a9 fffffffec6e17588 fffffffec0ccc088 a7ffff8067063618 raw: 000000000018b2dc 0000000000000009 00000003ffffffff f8ffff800e269c00 page dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio)) page_owner tracks the page as allocated post_alloc_hook+0x58c/0x5ec prep_new_page+0x34/0x284 get_page_from_freelist+0x2dcc/0x2e8c __alloc_pages_noprof+0x280/0x76c __folio_alloc_noprof+0x18/0xac __filemap_get_folio+0x6bc/0xdc4 pagecache_get_page+0x3c/0x104 do_garbage_collect+0x5c78/0x77a4 f2fs_gc+0xd74/0x25f0 gc_thread_func+0xb28/0x2930 kthread+0x464/0x5d8 ret_from_fork+0x10/0x20 ------------[ cut here ]------------ kernel BUG at mm/filemap.c:1563! folio_end_read+0x140/0x168 f2fs_finish_read_bio+0x5c4/0xb80 f2fs_read_end_io+0x64c/0x708 bio_endio+0x85c/0x8c0 blk_update_request+0x690/0x127c scsi_end_request+0x9c/0xb8c scsi_io_completion+0xf0/0x250 scsi_finish_command+0x430/0x45c scsi_complete+0x178/0x6d4 blk_mq_complete_request+0xcc/0x104 scsi_done_internal+0x214/0x454 scsi_done+0x24/0x34

which is similar to the problem reported by syzbot: https://syzkaller.appspot.com/bug?extid=3686758660f980b402dc

This case is consistent with the description in commit 9bf1a3f ("f2fs: avoid GC causing encrypted file corrupted"): Page 1 is moved from blkaddr A to blkaddr B by move_data_block, and after being written it is marked as uptodate. Then, Page 1 is moved from blkaddr B to blkaddr C, VM_BUG_ON_FOLIO was triggered in the endio initiated by ra_data_block.

There is no need to read Page 1 again from blkaddr B, since it has already been updated. Therefore, avoid initiating I/O in this case.

CVSS v3
EG Score
0.0(none)
EPSS
6.1%
KEV
Not listed

Published

June 24, 2026

Last Modified

June 24, 2026

Vendor Advisories for CVE-2026-53018(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 0× in last 7d / 0× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-06 02:23 UTCEPSS rescore
  2. 2026-07-06 02:23 UTCEPSS rescore
  3. 2026-07-04 13:05 UTCGHSA enrichment
  4. 2026-07-04 06:31 UTCEPSS rescore
  5. 2026-07-01 06:50 UTCGHSA enrichment
  6. 2026-06-30 23:22 UTCEPSS rescore
  7. 2026-06-29 14:06 UTCEPSS rescore
  8. 2026-06-29 14:06 UTCEPSS rescore
  9. 2026-06-28 14:07 UTCEPSS rescore
  10. 2026-06-28 04:56 UTCEPSS rescore
  11. 2026-06-28 04:56 UTCEPSS rescore
  12. 2026-06-28 00:36 UTCEG score recompute
  13. 2026-06-28 00:36 UTCGHSA enrichment
  14. 2026-06-27 03:08 UTCEPSS rescore
  15. 2026-06-25 13:49 UTCEPSS rescore
  16. 2026-06-24 18:21 UTCEG score recompute
  17. 2026-06-24 18:02 UTCNVD updatefirst tracked

Frequently asked(4)

What is CVE-2026-53018?
CVE-2026-53018 is a none vulnerability published on June 24, 2026. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2…
When was CVE-2026-53018 disclosed?
CVE-2026-53018 was first published in the National Vulnerability Database on June 24, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-53018 actively exploited?
CVE-2026-53018 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 6.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
How do I remediate CVE-2026-53018?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-53018, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-53018

Explore →

Is Your Infrastructure Affected by CVE-2026-53018?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.