CVE-2026-53015 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported [1], `lcn` was typed as `unsigned long` (or `unsigned int` sometimes), which is only 32 bits wide on 32-bit platforms, which causes `(lcn << lclusterbits)` to be truncated at 4 GiB. In order to consolidate the logic, just use `u64` consistently around the codebase. [1] https://sashiko.dev/r/20260420034612.1899973-1-hsiangkao%40linux.alibaba.com

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2d8c7edcb661812249469f4a5b62e9339118846f
https://git.kernel.org/stable/c/4fc9b12e43a3f19a01a8fb61f7961be79de20253
https://git.kernel.org/stable/c/582b0bf201157632cb5474c885989a6ebda46521
https://git.kernel.org/stable/c/858e4d98a86adf34584767388deb6c9b217f70c5

History

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported [1], `lcn` was typed as `unsigned long` (or `unsigned int` sometimes), which is only 32 bits wide on 32-bit platforms, which causes `(lcn << lclusterbits)` to be truncated at 4 GiB. In order to consolidate the logic, just use `u64` consistently around the codebase. [1] https://sashiko.dev/r/20260420034612.1899973-1-hsiangkao%40linux.alibaba.com
Title		erofs: unify lcn as u64 for 32-bit platforms
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2d8c7edcb661812249469f4a5b62e9339118846f https://git.kernel.org/stable/c/4fc9b12e43a3f19a01a8fb61f7961be79de20253 https://git.kernel.org/stable/c/582b0bf201157632cb5474c885989a6ebda46521 https://git.kernel.org/stable/c/858e4d98a86adf34584767388deb6c9b217f70c5

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:29:25.396Z

Updated: 2026-06-24T16:29:25.396Z

Reserved: 2026-06-09T07:44:35.378Z

Link: CVE-2026-53015

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53015", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.378Z", "datePublished": "2026-06-24T16:29:25.396Z", "dateUpdated": "2026-06-24T16:29:25.396Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:29:25.396Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: unify lcn as u64 for 32-bit platforms\n\nAs sashiko reported [1], `lcn` was typed as `unsigned long` (or\n`unsigned int` sometimes), which is only 32 bits wide on 32-bit\nplatforms, which causes `(lcn << lclusterbits)` to be truncated\nat 4 GiB.\n\nIn order to consolidate the logic, just use `u64` consistently\naround the codebase.\n\n[1] https://sashiko.dev/r/20260420034612.1899973-1-hsiangkao%40linux.alibaba.com"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/erofs/zmap.c"], "versions": [{"version": "152a333a589560bee002e4c96761f1b560a5793c", "lessThan": "4fc9b12e43a3f19a01a8fb61f7961be79de20253", "status": "affected", "versionType": "git"}, {"version": "152a333a589560bee002e4c96761f1b560a5793c", "lessThan": "858e4d98a86adf34584767388deb6c9b217f70c5", "status": "affected", "versionType": "git"}, {"version": "152a333a589560bee002e4c96761f1b560a5793c", "lessThan": "582b0bf201157632cb5474c885989a6ebda46521", "status": "affected", "versionType": "git"}, {"version": "152a333a589560bee002e4c96761f1b560a5793c", "lessThan": "2d8c7edcb661812249469f4a5b62e9339118846f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/erofs/zmap.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4fc9b12e43a3f19a01a8fb61f7961be79de20253"}, {"url": "https://git.kernel.org/stable/c/858e4d98a86adf34584767388deb6c9b217f70c5"}, {"url": "https://git.kernel.org/stable/c/582b0bf201157632cb5474c885989a6ebda46521"}, {"url": "https://git.kernel.org/stable/c/2d8c7edcb661812249469f4a5b62e9339118846f"}], "title": "erofs: unify lcn as u64 for 32-bit platforms", "x_generator": {"engine": "bippy-1.2.0"}}}}