CVE-2026-43127

Published: May 6, 2026

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock. 2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone(). This creates an AB-BA deadlock. Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.

Vendor	Product	Versions
Linux	Linux	affected `5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 - < b014372b62237521444ee51384549bdf48b79015` affected `5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 - < b8d22d9d8260b0f4f4d8e2898c98037c9982ea66` affected `5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 - < 08ce2fee1b869ecbfbd94e0eb2630e52203a2e03` affected `57f7979aefdcef66326bda47e07ee0d8be64bf21` affected `db7fc56646cafe39599a4c21f1398e2bdfd5c185` +2 more versions
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.18.16 - <= 6.18.` unaffected `6.19.6 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/b014372b62237521444ee51384549bdf48b79015

https://git.kernel.org/stable/c/b8d22d9d8260b0f4f4d8e2898c98037c9982ea66

https://git.kernel.org/stable/c/08ce2fee1b869ecbfbd94e0eb2630e52203a2e03

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43127

Description

Affected Products

References