fs/ntfs3: prevent infinite loops caused by the next valid being the same

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-45864
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-27 14:16:58 UTC
Updated2026-05-27 14:48:31 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1]. Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this. [1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244 inode_lock include/linux/fs.h:1027 [inline] ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.073320000 (date 2026-06-01)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 50c822fcb36768f1fb356f05b02a2248ef81936d git Not specified
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 6d93239b4fc479f7c0a412dd196ec0ca2672d14a git Not specified
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 71c8b966ec56e13c02388c1312910588bb49be7a git Not specified
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 b97e371e5d1c13d722335d46eb8bc1a22b272a0e git Not specified
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4 git Not specified
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 a47a2bb9aa6455d5cee1045814a60c749309c92b git Not specified
CNA Linux Linux affected 4342306f0f0d5ff4315a204d315c1b51b914fca5 27b75ca4e51e3e4554dc85dbf1a0246c66106fd3 git Not specified
CNA Linux Linux affected 5.15 Not specified
CNA Linux Linux unaffected 5.15 semver Not specified
CNA Linux Linux unaffected 5.15.202 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.165 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.128 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.75 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.14 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.4 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/6d93239b4fc479f7c0a412dd196ec0ca2672d14a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/71c8b966ec56e13c02388c1312910588bb49be7a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/b97e371e5d1c13d722335d46eb8bc1a22b272a0e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/a47a2bb9aa6455d5cee1045814a60c749309c92b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report