CVE-2025-68369

Published: Dec 24, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot. Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered. Add the run_lock initialization when loading $Extend. syzbot reported: INFO: trying to register non-static key. Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590 ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860 ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387 ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808

Vendor	Product	Versions
Linux	Linux	affected `63eb6730ce0604d3eacf036c2f68ea70b068317c - < 79c8a77b1782e2ace96d063be3c41ba540d1e20a` affected `78d46f5276ed3589aaaa435580068c5b62efc921 - < 433d1f7c628c3cbdd7efce064d6c7acd072cf6c4` affected `17249b2a65274f73ed68bcd1604e08a60fd8a278 - < 907bf69c6b6ce5d038eec7a599d67b45b62624bc` affected `37f65e68ba9852dc51c78dbb54a9881c3f0fe4f7 - < 6e17555728bc469d484c59db4a0abc65c19bc315` affected `57534db1bbc4ca772393bb7d92e69d5e7b9051cf - < 19164d8228317f3f1fe2662a9ba587cfe3b2d29e` +7 more versions
Linux	Linux	affected `6.18` unaffected `0 - < 6.18` unaffected `5.15.198 - <= 5.15.` unaffected `6.1.160 - <= 6.1.` unaffected `6.6.120 - <= 6.6.*` +4 more versions