CVE-2026-43127

Summary

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix circular locking dependency in run_unpack_ex

Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock.

The deadlock scenario:

  1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock.
  2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone().

This creates an AB-BA deadlock.

Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 < b014372b62237521444ee51384549bdf48b79015affected
LinuxLinux5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 < b8d22d9d8260b0f4f4d8e2898c98037c9982ea66affected
LinuxLinux5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 < 08ce2fee1b869ecbfbd94e0eb2630e52203a2e03affected
LinuxLinux57f7979aefdcef66326bda47e07ee0d8be64bf21affected
LinuxLinuxdb7fc56646cafe39599a4c21f1398e2bdfd5c185affected
LinuxLinux6.6.66 < 6.7affected
LinuxLinux6.12.5 < 6.13affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References