CVE-2025-68369
Unknown Unknown - Not Provided
Uninitialized Lock in Linux ntfs3 Inode Causes Kernel Error

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot. Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered. Add the run_lock initialization when loading $Extend. syzbot reported: INFO: trying to register non-static key. Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590 ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860 ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387 ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68369
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's ntfs3 module occurs because the run_lock is not initialized when the inode mode of $Extend is set to a regular file and the truncate system call is executed. This leads to an uninitialized run_lock error in the do_truncate() routine, which was reported by syzbot. The issue arises because prior to the patch, if the inode mode was not set to a regular file, the do_truncate() routine would not be entered, avoiding the error. The fix involves initializing the run_lock when loading $Extend.

Impact Analysis

The vulnerability can cause errors in the kernel due to the uninitialized run_lock when truncating files with the inode mode of $Extend set to a regular file. This may lead to kernel instability or crashes when performing file operations on NTFS3 file systems, potentially affecting system reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart