GHSA-rw4v-j63g-mf75HighCVSS 7.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list...

Published
June 26, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data.

Fix this by holding sb_lock around the entire extension list read and format operation.

🔗 References (8)