Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock. 2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone(). This creates an AB-BA deadlock. Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.6.66, < 6.18.16 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/08ce2fee1b869ecbfbd94e0eb2630e52203a2e03Patch
- https://git.kernel.org/stable/c/b014372b62237521444ee51384549bdf48b79015Patch
- https://git.kernel.org/stable/c/b8d22d9d8260b0f4f4d8e2898c98037c9982ea66Patch
FAQ
What is CVE-2026-43127?
CVE-2026-43127 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->u...
How severe is CVE-2026-43127?
CVE-2026-43127 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-43127?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.