CVE-2025-71309
Awaiting Analysis Awaiting Analysis - Queue
Deadlock in Linux Kernel NTFS3 Filesystem

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is caused by a lock inversion deadlock involving the inode mutex (ni_lock) and page locks. Scenario: 1. Task A enters ntfs_read_folio() for page X. It acquires ni_lock. 2. Task A calls ni_read_folio_cmpr(), which attempts to lock all pages in the compressed frame (including page Y). 3. Concurrently, Task B (e.g., via readahead) has locked page Y and calls ntfs_read_folio(). 4. Task B waits for ni_lock (held by A). 5. Task A waits for page Y lock (held by B). -> DEADLOCK. The fix is to restructure locking: do not take ni_lock in ntfs_read_folio(). Instead, acquire ni_lock inside ni_read_folio_cmpr() ONLY AFTER all required page locks for the frame have been successfully acquired. This restores the correct lock ordering (Page Lock -> ni_lock) consistent with VFS. [[email protected]: ni_readpage_cmpr was renamed to ni_read_folio_cmpr]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71309
EUVD
EUVD-2025-209973
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
paragon_software ntfs3 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a deadlock issue in the Linux kernel's NTFS3 filesystem driver, specifically in the function ni_read_folio_cmpr (previously named ni_readpage_cmpr).

The deadlock occurs due to a lock inversion between the inode mutex (ni_lock) and page locks. In a scenario where two tasks try to access compressed pages, one task holds the inode lock and waits for a page lock held by the other task, while the second task holds the page lock and waits for the inode lock held by the first task, causing both tasks to hang indefinitely.

The fix involved changing the locking order: instead of acquiring the inode lock first, the code now acquires all necessary page locks before acquiring the inode lock, restoring the correct lock order and preventing the deadlock.

Impact Analysis

This vulnerability can cause tasks accessing compressed NTFS filesystem pages to hang indefinitely due to a deadlock, leading to system instability or unresponsiveness.

Such deadlocks can degrade system performance, potentially causing applications or services relying on NTFS filesystem access to freeze or fail.

Detection Guidance

This vulnerability involves a deadlock in the Linux kernel's ntfs3 filesystem driver caused by lock inversion between the inode mutex and page locks.

Detection would typically involve monitoring for hung or stuck tasks related to ntfs3 operations, especially those involving compressed file reads.

Since the issue manifests as a deadlock, you can look for kernel logs indicating hung tasks or use debugging tools to identify tasks stuck in ntfs_read_folio_cmpr or related functions.

  • Check kernel logs for hung task messages: `dmesg | grep -i hung` or `journalctl -k | grep -i hung`
  • Use `ps` or `top` to identify processes stuck in uninterruptible sleep (D state), which may indicate deadlock.
  • Use kernel debugging tools like `perf`, `ftrace`, or `lockdep` to trace lock dependencies and detect lock inversions.
  • Examine stack traces of hung tasks using `echo t > /proc/sysrq-trigger` and check `dmesg` output for tasks stuck in ntfs_read_folio_cmpr.
Mitigation Strategies

The vulnerability is fixed by restructuring the locking order in the ntfs3 driver to avoid deadlocks.

Immediate mitigation steps include updating the Linux kernel to a version that contains the fix for this issue.

Until the kernel is updated, avoid heavy or concurrent access patterns to compressed files on ntfs3 filesystems that might trigger the deadlock.

Monitor system logs for signs of deadlocks and consider rebooting the system if a deadlock occurs to restore normal operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71309. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart