Vulners
Lucene search
Linux Distros Unpatched Vulnerability : CVE-2026-53122
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2026-53122 | 24 Jun 202616:30 | – | attackerkb |
 | CVE-2026-53122 | 24 Jun 202618:50 | – | circl |
 | CVE-2026-53122 | 24 Jun 202616:30 | – | cve |
 | CVE-2026-53122 btrfs: fix deadlock between reflink and transaction commit when using flushoncommit | 24 Jun 202616:30 | – | cvelist |
 | CVE-2026-53122 | 24 Jun 202616:30 | – | debiancve |
 | EUVD-2026-38990 | 24 Jun 202616:30 | – | euvd |
 | CVE-2026-53122 | 24 Jun 202617:17 | – | nvd |
 | DEBIAN-CVE-2026-53122 | 24 Jun 202620:48 | – | osv |
| ECHO-6DC3-AA60-9D71 | 25 Jun 202609:55 | – | osv |
| UBUNTU-CVE-2026-53122 | 25 Jun 202600:00 | – | osv |
10
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-53122 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(322684);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/25");
script_cve_id("CVE-2026-53122");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-53122");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the
flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation
that copied an inline extent to an offset beyond the current i_size of the destination node. The deadlock
happens like this: 1) Task A clones an inline extent from inode X to an offset of inode Y that is beyond
Y's current i_size. This means we copied the inline extent's data to a folio of inode Y that is beyond its
EOF, using a call to copy_inline_to_page(); 2) Task B starts a transaction commit and calls
btrfs_start_delalloc_flush() to flush delalloc; 3) The delalloc flushing sees the new dirty folio of inode
Y and when it attempts to flush it, it ends up at extent_writepage() and sees that the offset of the folio
is beyond the i_size of inode Y, so it attempts to invalidate the folio by calling folio_invalidate(),
which ends up at btrfs' folio invalidate callback - btrfs_invalidate_folio(). There it tries to lock the
folio's range in inode Y's extent io tree, but it blocks since it's currently locked by task A - during a
reflink we lock the inodes and the source and destination ranges after flushing all delalloc and waiting
for ordered extent completion - after that we don't expect to have dirty folios in the ranges, the
exception is if we have to copy an inline extent's data (because the destination offset is not zero); 4)
Task A then attempts to start a transaction to update the inode item, and then it's blocked since the
current transaction is in the TRANS_STATE_COMMIT_START state. Therefore task A has to wait for the current
transaction to become unblocked (its state >= TRANS_STATE_UNBLOCKED). So task A is waiting for the
transaction commit done by task B, and the later waiting on the extent lock of inode Y that is currently
held by task A. Syzbot recently reported this with the following stack traces: INFO: task
kworker/u8:7:1053 blocked for more than 143 seconds. Not tainted syzkaller #0 echo 0 >
/proc/sys/kernel/hung_task_timeout_secs disables this message. task:kworker/u8:7 state:D stack:23520
pid:1053 tgid:1053 ppid:2 task_flags:0x4208060 flags:0x00080000 Workqueue: writeback wb_workfn (flush-
btrfs-46) Call Trace: <TASK> context_switch kernel/sched/core.c:5298 [inline] __schedule+0x1553/0x5240
kernel/sched/core.c:6911 __schedule_loop kernel/sched/core.c:6993 [inline] schedule+0x164/0x360
kernel/sched/core.c:7008 wait_extent_bit fs/btrfs/extent-io-tree.c:811 [inline]
btrfs_lock_extent_bits+0x59c/0x700 fs/btrfs/extent-io-tree.c:1914 btrfs_lock_extent fs/btrfs/extent-io-
tree.h:152 [inline] btrfs_invalidate_folio+0x43d/0xc40 fs/btrfs/inode.c:7704 extent_writepage
fs/btrfs/extent_io.c:1852 [inline] extent_write_cache_pages fs/btrfs/extent_io.c:2580 [inline]
btrfs_writepages+0x12ff/0x2440 fs/btrfs/extent_io.c:2713 do_writepages+0x32e/0x550 mm/page-
writeback.c:2554 __writeback_single_inode+0x133/0x11a0 fs/fs-writeback.c:1750
writeback_sb_inodes+0x995/0x19d0 fs/fs-writeback.c:2042 wb_writeback+0x456/0xb70 fs/fs-writeback.c:2227
wb_do_writeback fs/fs-writeback.c:2374 [inline] wb_workfn+0x41a/0xf60 fs/fs-writeback.c:2414
process_one_work kernel/workqueue.c:3276 [inline] process_scheduled_works+0xb6e/0x18c0
kernel/workqueue.c:3359 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440 kthread+0x388/0x470
kernel/kthread.c:436 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30
arch/x86/entry/entry_64.S:245 </TASK> INFO: task syz.4.64:6910 blocked for more than 143 seconds. Not
tainted syzkaller #0 echo 0 > /proc/sys/kernel/hung_task_timeout_secs disables this message.
task:syz.4.64 state:D stack:22752 pid:6910 tgid: ---truncated--- (CVE-2026-53122)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-53122");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-53122");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12");
exit(0);
}
if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);
include('linux_unpatched.inc');
var distro_constraints_array = {
"Debian Linux-12": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "12",
"pkgs": [
{"reference": "btrfs-modules-6.1.0-47-alpha-generic-di"},
{"reference": "cdrom-core-modules-6.1.0-47-alpha-generic-di"},
{"reference": "ext4-modules-6.1.0-47-alpha-generic-di"},
{"reference": "fat-modules-6.1.0-47-alpha-generic-di"},
{"reference": "isofs-modules-6.1.0-47-alpha-generic-di"},
{"reference": "jfs-modules-6.1.0-47-alpha-generic-di"},
{"reference": "kernel-image-6.1.0-47-alpha-generic-di"},
{"reference": "linux-doc"},
{"reference": "linux-doc-6.1"},
{"reference": "linux-headers-6.1.0"},
{"reference": "linux-source"},
{"reference": "linux-source-6.1"},
{"reference": "linux-support-6.1.0"},
{"reference": "loop-modules-6.1.0-47-alpha-generic-di"},
{"reference": "nic-modules-6.1.0-47-alpha-generic-di"},
{"reference": "nic-shared-modules-6.1.0-47-alpha-generic-di"},
{"reference": "nic-wireless-modules-6.1.0-47-alpha-generic-di"},
{"reference": "pata-modules-6.1.0-47-alpha-generic-di"},
{"reference": "ppp-modules-6.1.0-47-alpha-generic-di"},
{"reference": "scsi-core-modules-6.1.0-47-alpha-generic-di"},
{"reference": "scsi-modules-6.1.0-47-alpha-generic-di"},
{"reference": "scsi-nic-modules-6.1.0-47-alpha-generic-di"},
{"reference": "serial-modules-6.1.0-47-alpha-generic-di"},
{"reference": "usb-serial-modules-6.1.0-47-alpha-generic-di"},
{"reference": "xfs-modules-6.1.0-47-alpha-generic-di"}
]
}
]
},
"Debian Linux-11": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "11",
"pkgs": [
{"reference": "bpftool"},
{"reference": "btrfs-modules-5.10.0-32-alpha-generic-di"},
{"reference": "cdrom-core-modules-5.10.0-32-alpha-generic-di"},
{"reference": "hyperv-daemons"},
{"reference": "kernel-image-5.10.0-32-alpha-generic-di"},
{"reference": "libcpupower-dev"},
{"reference": "libcpupower1"},
{"reference": "linux-bootwrapper-5.10.0"},
{"reference": "linux-config-5.10"},
{"reference": "linux-cpupower"},
{"reference": "linux-doc"},
{"reference": "linux-doc-5.10"},
{"reference": "linux-headers-5.10.0"},
{"reference": "linux-kbuild-5.10"},
{"reference": "linux-libc-dev"},
{"reference": "linux-perf"},
{"reference": "linux-perf-5.10"},
{"reference": "linux-source"},
{"reference": "linux-source-5.10"},
{"reference": "linux-support-5.10.0"},
{"reference": "loop-modules-5.10.0-32-alpha-generic-di"},
{"reference": "nic-modules-5.10.0-32-alpha-generic-di"},
{"reference": "nic-shared-modules-5.10.0-32-alpha-generic-di"},
{"reference": "nic-wireless-modules-5.10.0-32-alpha-generic-di"},
{"reference": "pata-modules-5.10.0-32-alpha-generic-di"},
{"reference": "ppp-modules-5.10.0-32-alpha-generic-di"},
{"reference": "scsi-core-modules-5.10.0-32-alpha-generic-di"},
{"reference": "scsi-modules-5.10.0-32-alpha-generic-di"},
{"reference": "scsi-nic-modules-5.10.0-32-alpha-generic-di"},
{"reference": "serial-modules-5.10.0-32-alpha-generic-di"},
{"reference": "usb-serial-modules-5.10.0-32-alpha-generic-di"},
{"reference": "usbip"}
]
}
]
}
};
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : report
);
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jun 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9