CVE-2026-43127

MEDIUM

ntfs3: fix circular locking dependency in run_unpack_ex

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock. 2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone(). This creates an AB-BA deadlock. Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 1.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (16)
Linux/Linux < 6.13
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 08ce2fee1b869ecbfbd94e0eb2630e52203a2e03
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - b014372b62237521444ee51384549bdf48b79015
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - b8d22d9d8260b0f4f4d8e2898c98037c9982ea66
Linux/Linux 57f7979aefdcef66326bda47e07ee0d8be64bf21
Linux/Linux 5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 - 08ce2fee1b869ecbfbd94e0eb2630e52203a2e03
Linux/Linux 5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 - b014372b62237521444ee51384549bdf48b79015
Linux/Linux 5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 - b8d22d9d8260b0f4f4d8e2898c98037c9982ea66
Linux/Linux 6.12.5 - 6.13
Linux/Linux 6.13
... and 6 more
Published May 06, 2026
Tracked Since May 06, 2026