CVE-2026-43245
Published: May 6, 2026
Modified: May 23, 2026
CVSS v3.1
7.5
Description
In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now. Stop abusing names_cachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. For now let's keep sizes as-in, but AFAICS none of the users actually want PATH_MAX.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected a3a956c78efaa202b1d75190136671cf6e87bfbe - < 02ecc0978c459fd90bb24b2a946dd16d43e68fe5affected a3a956c78efaa202b1d75190136671cf6e87bfbe - < 1be7ca86ce1794d966fda5d82181bc978b150fbcaffected a3a956c78efaa202b1d75190136671cf6e87bfbe - < 142c444a395f4d26055c8a4473e228bb86283f1eaffected a3a956c78efaa202b1d75190136671cf6e87bfbe - < fb4b1f969ba01fa1d4088467a02fc1e5f0806710affected a3a956c78efaa202b1d75190136671cf6e87bfbe - < ca2a04e84af79596e5cd9cfe697d5122ec39c8ce |
Linux | Linux | affected 6.2unaffected 0 - < 6.2unaffected 6.6.141 - <= 6.6.*unaffected 6.12.91 - <= 6.12.*unaffected 6.18.16 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now