CVE-2026-53015

Summary

In the Linux kernel, the following vulnerability has been resolved:

erofs: unify lcn as u64 for 32-bit platforms

As sashiko reported [1], lcn was typed as unsigned long (or unsigned int sometimes), which is only 32 bits wide on 32-bit platforms, which causes (lcn << lclusterbits) to be truncated at 4 GiB.

In order to consolidate the logic, just use u64 consistently around the codebase.

[1] https://sashiko.dev/r/20260420034612.1899973-1-hsiangkao%40linux.alibaba.com

Affected Software

VendorProductVersion RangeStatus
LinuxLinux152a333a589560bee002e4c96761f1b560a5793c < 4fc9b12e43a3f19a01a8fb61f7961be79de20253affected
LinuxLinux152a333a589560bee002e4c96761f1b560a5793c < 858e4d98a86adf34584767388deb6c9b217f70c5affected
LinuxLinux152a333a589560bee002e4c96761f1b560a5793c < 582b0bf201157632cb5474c885989a6ebda46521affected
LinuxLinux152a333a589560bee002e4c96761f1b560a5793c < 2d8c7edcb661812249469f4a5b62e9339118846faffected
LinuxLinux5.3affected
LinuxLinux0 < 5.3unaffected
LinuxLinux6.12.91 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References