CVE-2026-43127

MEDIUM EPSS 0.7%
Published May 6, 2026 (1mo ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix circular locking dependency in run_unpack_ex

Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock.

The deadlock scenario:
1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock.
2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone().

This creates an AB-BA deadlock.

Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation.

This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
0.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 2

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.6.66 – <6.18.16
linux   linux_kernel  *        ≥6.19 – <6.19.6

References 3

  • git.kernel.org https://git.kernel.org/stable/c/08ce2fee1b869ecbfbd94e0eb2630e52203a2e03
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b014372b62237521444ee51384549bdf48b79015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8d22d9d8260b0f4f4d8e2898c98037c9982ea66
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/08ce2fee1b869ecbfbd94e0eb2630e52203a2e03
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b014372b62237521444ee51384549bdf48b79015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8d22d9d8260b0f4f4d8e2898c98037c9982ea66
    Patch