CVE-2026-53284

HIGHPre-NVD 7.57.5
EchelonGraph scoreHIGH confidence

Score 7.5 from GitHub Security Advisory (severity: HIGH) published 2026-06-26. a secondary CVSS source baseline 7.5; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, secondary
Trending — 3 sources updated this week
7.5
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

btrfs: only release the dirty pages io tree after successful writes

[WARNING] With extra warning on dirty extent buffers at umount (aka, the next patch in the series), test case generic/388 can trigger the following warning about dirty extent buffers at unmount time:

BTRFS critical (device dm-2 state E): emergency shutdown BTRFS error (device dm-2 state E): error while writing out transaction: -30 BTRFS warning (device dm-2 state E): Skipping commit of aborted transaction. BTRFS error (device dm-2 state EA): Transaction 9 aborted (error -30) BTRFS: error (device dm-2 state EA) in cleanup_transaction:2068: errno=-30 Readonly filesystem BTRFS info (device dm-2 state EA): forced readonly BTRFS info (device dm-2 state EA): last unmount of filesystem 4fbf2e15-f941-49a0-bc7c-716315d2777c ------------[ cut here ]------------ WARNING: disk-io.c:3311 at invalidate_and_check_btree_folios+0xfd/0x1ca [btrfs], CPU#8: umount/914368 CPU: 8 UID: 0 PID: 914368 Comm: umount Tainted: G OE 7.1.0-rc1-custom+ #372 PREEMPT(full) 2de38db8d1deae71fde295430a0ff3ab98ccf596 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022 RIP: 0010:invalidate_and_check_btree_folios+0xfd/0x1ca [btrfs] Call Trace: close_ctree+0x52e/0x574 [btrfs d2f0b1cd330d1287e7a9919d112eadfc0e914efd] generic_shutdown_super+0x89/0x1a0 kill_anon_super+0x16/0x40 btrfs_kill_super+0x16/0x20 [btrfs d2f0b1cd330d1287e7a9919d112eadfc0e914efd] deactivate_locked_super+0x2d/0xb0 cleanup_mnt+0xdc/0x140 task_work_run+0x5a/0xa0 exit_to_user_mode_loop+0x123/0x4b0 do_syscall_64+0x243/0x7c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 ---[ end trace 0000000000000000 ]--- BTRFS warning (device dm-2 state EA): unable to release extent buffer 30539776 owner 9 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30621696 owner 257 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30638080 owner 258 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30654464 owner 7 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30703616 owner 2 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30720000 owner 10 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30736384 owner 4 gen 9 refs 2 flags 0x7 BTRFS warning (device dm-2 state EA): unable to release extent buffer 30752768 owner 11 gen 9 refs 2 flags 0x7

I'm using a stripped down version, which seems to trigger the warning more reliably:

_fsstress_pid="" workload() { dmesg -C mkfs.btrfs -f -K $dev > /dev/null echo 1 > /sys/kernel/debug/clear_warn_once mount $dev $mnt $fsstress -w -n 1024 -p 4 -d $mnt & _fsstress_pid=$! sleep 0 $godown $mnt pkill --echo -PIPE fsstress > /dev/null wait $_fsstress_pid unset _fsstress_pid umount $mnt

if dmesg | grep -q "WARNING"; then fail fi }

for (( i = 0; i < $runtime; i++ )); do echo "=== $i/$runtime ===" workload done

[CAUSE] Inside btrfs_write_and_wait_transaction(), we first try to write all dirty ebs, then wait for them to finish.

After that we call btrfs_extent_io_tree_release() to free all extent states from dirty_pages io tree.

However if we hit an error from btrfs_write_marked_extent(), then we still call btrfs_extent_io_tree_release() to clear that dirty_pages io tree, which may contain dirty records that we haven't yet submitted.

Furthermore, the later transaction cleanup path will utilize that dirty_pages io tree to properly cleanup those dirty ebs, but since it's already empty, no dirty ebs are properly cleaned up, thus will later trigger the warnings inside invalidate_btree_folios(). ---truncated---

CVSS v3
7.5
EG Score
7.5(high)
EPSS
34.7%
KEV
Not listed

Published

June 26, 2026

Last Modified

June 30, 2026

Advisory Details (3)

Auto-updated Jun 28, 2026
No patch confirmed yet.
generic

btrfs: only release the dirty pages io tree after successful writes - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/df03d67dc63722845cb9fe59d815d1225b04fd54
generic

btrfs: only release the dirty pages io tree after successful writes - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/9ebb7eba1237dc198768b9c76506a79f924c82bb
generic

btrfs: only release the dirty pages io tree after successful writes - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/4066c55e109475a06d18a1f127c939d551211956

Vendor Advisories for CVE-2026-53284(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 38× in last 7d / 48× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-06 20:25 UTCEG score recompute
  2. 2026-07-06 20:25 UTCGHSA enrichment
  3. 2026-07-06 16:27 UTCEPSS rescore
  4. 2026-07-06 16:27 UTCEPSS rescore
  5. 2026-07-06 08:12 UTCEG score recompute
  6. 2026-07-06 08:12 UTCGHSA enrichment
  7. 2026-07-06 02:23 UTCEPSS rescore
  8. 2026-07-06 02:23 UTCEPSS rescore
  9. 2026-07-05 20:09 UTCEG score recompute
  10. 2026-07-05 20:09 UTCGHSA enrichment
  11. 2026-07-05 08:07 UTCEG score recompute
  12. 2026-07-05 08:07 UTCGHSA enrichment
  13. 2026-07-05 02:31 UTCEPSS rescore
  14. 2026-07-05 02:30 UTCEPSS rescore
  15. 2026-07-04 20:05 UTCEG score recompute
  16. 2026-07-04 20:05 UTCGHSA enrichment
  17. 2026-07-04 08:03 UTCEG score recompute
  18. 2026-07-04 08:03 UTCGHSA enrichment
  19. 2026-07-04 06:31 UTCEPSS rescore
  20. 2026-07-04 06:31 UTCEPSS rescore
  21. 2026-07-03 20:00 UTCEG score recompute
  22. 2026-07-03 19:59 UTCGHSA enrichment
  23. 2026-07-03 07:58 UTCEG score recompute
  24. 2026-07-03 07:57 UTCGHSA enrichment
  25. 2026-07-02 19:55 UTCEG score recompute
Show 23 more
  1. 2026-07-02 19:54 UTCGHSA enrichment
  2. 2026-07-02 07:53 UTCEG score recompute
  3. 2026-07-02 07:52 UTCGHSA enrichment
  4. 2026-07-01 19:51 UTCEG score recompute
  5. 2026-07-01 19:51 UTCGHSA enrichment
  6. 2026-07-01 15:07 UTCEPSS rescore
  7. 2026-07-01 07:48 UTCEG score recompute
  8. 2026-07-01 07:48 UTCGHSA enrichment
  9. 2026-06-30 23:22 UTCEPSS rescore
  10. 2026-06-30 19:46 UTCEG score recompute
  11. 2026-06-30 19:46 UTCGHSA enrichment
  12. 2026-06-30 07:44 UTCEG score recompute
  13. 2026-06-30 07:44 UTCGHSA enrichment
  14. 2026-06-29 19:42 UTCEG score recompute 7.50
  15. 2026-06-29 19:42 UTCGHSA enrichment
  16. 2026-06-29 14:06 UTCEPSS rescore
  17. 2026-06-29 14:06 UTCEPSS rescore
  18. 2026-06-28 14:07 UTCEPSS rescore
  19. 2026-06-28 07:52 UTCMITRE cvelistV5CVSS v3 → 7.5 · severity → HIGH
  20. 2026-06-28 04:56 UTCEPSS rescore
  21. 2026-06-28 04:56 UTCEPSS rescore
  22. 2026-06-26 21:39 UTCEG score recompute
  23. 2026-06-26 21:39 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-53284?
CVE-2026-53284 is a high vulnerability published on June 26, 2026. In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes [WARNING] With extra warning on dirty extent buffers at umount (aka, the next patch in the series), test case generic/388 can trigger the following warning about…
When was CVE-2026-53284 disclosed?
CVE-2026-53284 was first published in the National Vulnerability Database on June 26, 2026, with the most recent update on June 30, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-53284 actively exploited?
CVE-2026-53284 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 34.7% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-53284?
CVE-2026-53284 has a CVSS v3 base score of 7.5 (NVD).
How do I remediate CVE-2026-53284?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-53284, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-53284

Explore →

Is Your Infrastructure Affected by CVE-2026-53284?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.