Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53320— nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()

AI Predicted 5.5 Difficulty: Moderate EPSS 0.17% · P7

Possible ATT&CK Techniques 1AI

T1564.008 · Email Hiding Rules

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux7942b919f7321f95a777d396ff7894a7a83dc9b0< e0a0c4903cbba351f0f5b5d104960d3a5b23202faffected
7942b919f7321f95a777d396ff7894a7a83dc9b0< 9472d37799a0b9ff9b99639f35961ac2f0b3c9beaffected
7942b919f7321f95a777d396ff7894a7a83dc9b0< 65e07964b4b2daf9a54e686cf0fa72d74a9648a8affected
7942b919f7321f95a777d396ff7894a7a83dc9b0< b88f905d4449b70da6bda547be546e365e44352eaffected
7942b919f7321f95a777d396ff7894a7a83dc9b0< 4525658002be3ad310b16bf8db48c8adb6a55d32affected
7942b919f7321f95a777d396ff7894a7a83dc9b0< e5ff0ba4b6983cdbcc826efc201e7179ece5d46faffected
7942b919f7321f95a777d396ff7894a7a83dc9b0< 94094e70fe292c9566502772d4d4d6d6a99204b1affected
7942b919f7321f95a777d396ff7894a7a83dc9b0< be3e5d10643d3be1cbac9d9939f220a99253f980affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53320

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks by comparing it with the current block number bd_blocknr. If they differ, the block is considered dead and skipped. However, bd_oblocknr should never be 0 since block 0 typically stores the primary superblock and is never a valid GC target block. A corrupted ioctl request with bd_oblocknr set to 0 causes the comparison to incorrectly match when the lookup returns -ENOENT and sets bd_blocknr to 0, bypassing the dead block check and calling nilfs_bmap_mark() on a non-existent block. This causes nilfs_btree_do_lookup() to return -ENOENT, triggering the WARN_ON(ret == -ENOENT). Fix this by rejecting ioctl requests with bd_oblocknr set to 0 at the beginning of each iteration. [ryusuke: slightly modified the commit message and comments for accuracy]
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的操作系统Linux所使用的内核。 Linux kernel 2.6.30版本存在安全漏洞,该漏洞源于nilfs2中nilfs_ioctl_mark_blocks_dirty()函数未能正确验证bd_oblocknr参数为零的情况,可能导致触发WARN_ON并造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 7942b919f7321f95a777d396ff7894a7a83dc9b0 ~ e0a0c4903cbba351f0f5b5d104960d3a5b23202f -
LinuxLinux 2.6.30 -

II. Public POCs for CVE-2026-53320

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53320

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53320 (8)

Same Patch Batch · Linux · 2026-06-26 · 47 CVEs total

CVE-2026-533099.8 CRITICALocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
CVE-2026-533228.8 HIGHvfio/pci: Clean up DMABUFs before disabling function
CVE-2026-532818.8 HIGHiommu/vt-d: Avoid NULL pointer dereference or refcount corruption
CVE-2026-533007.8 HIGHnet: enetc: fix NTMP DMA use-after-free issue
CVE-2026-532907.8 HIGHdrm/xe/eustall: Fix drm_dev_put called before stream disable in close
CVE-2026-532847.5 HIGHbtrfs: only release the dirty pages io tree after successful writes
CVE-2026-53293drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
CVE-2026-53324net: mana: Use pci_name() for debugfs directory naming
CVE-2026-53283iommu/amd: Bounds-check devid in __rlookup_amd_iommu()
CVE-2026-53280iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
CVE-2026-53282x86/kexec: Push kjump return address even for non-kjump kexec
CVE-2026-53279drm/gma500/oaktrail_lvds: fix hang on init failure
CVE-2026-53292net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind
CVE-2026-53291ALSA: hda/conexant: Fix missing error check for jack detection
CVE-2026-53289ice: fix NULL pointer dereference in ice_reset_all_vfs()
CVE-2026-53294mailbox: mailbox-test: don't free the reused channel
CVE-2026-53295mailbox: add sanity check for channel array
CVE-2026-53296mailbox: mailbox-test: free channels on probe error
CVE-2026-53297net: mana: Guard mana_remove against double invocation
CVE-2026-53298net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()

Showing top 20 of 47 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53320

No comments yet


Leave a comment