CVE-2026-43245
HIGH EPSS 35.2%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now. Stop abusing names_cachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. For now let's keep sizes as-in, but AFAICS none of the users actually want PATH_MAX.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
35.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 2
References 5
- git.kernel.org https://git.kernel.org/stable/c/02ecc0978c459fd90bb24b2a946dd16d43e68fe5
- git.kernel.org https://git.kernel.org/stable/c/142c444a395f4d26055c8a4473e228bb86283f1e
- git.kernel.org https://git.kernel.org/stable/c/1be7ca86ce1794d966fda5d82181bc978b150fbc
- git.kernel.org https://git.kernel.org/stable/c/ca2a04e84af79596e5cd9cfe697d5122ec39c8ce
- git.kernel.org https://git.kernel.org/stable/c/fb4b1f969ba01fa1d4088467a02fc1e5f0806710
Remediation
- git.kernel.org https://git.kernel.org/stable/c/142c444a395f4d26055c8a4473e228bb86283f1e
- git.kernel.org https://git.kernel.org/stable/c/ca2a04e84af79596e5cd9cfe697d5122ec39c8ce
- git.kernel.org https://git.kernel.org/stable/c/fb4b1f969ba01fa1d4088467a02fc1e5f0806710