CVE-2026-43127
Awaiting Analysis Awaiting Analysis - Queue
Circular Locking Dependency in Linux Kernel NTFS3

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock. 2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone(). This creates an AB-BA deadlock. Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43127
EUVD
EUVD-2026-27686
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.6.66 (inc) to 6.18.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a circular locking dependency in the Linux kernel's ntfs3 driver, specifically between two locks: wnd->rw_lock and ni->file.run_lock. The issue arises because one function (ntfs_extend_mft) acquires these locks in one order, while another function (run_unpack_ex) acquires them in the opposite order, creating a deadlock scenario known as AB-BA deadlock.

The deadlock happens when ntfs_extend_mft() takes ni->file.run_lock first and then wnd->rw_lock, while run_unpack_ex() takes wnd->rw_lock first and then tries to acquire ni->file.run_lock inside ntfs_refresh_zone(). This circular dependency causes the system to hang waiting for locks.

The fix involves changing run_unpack_ex() to use a non-blocking lock acquisition method (down_read_trylock()) for run_lock. If the lock is contended, the function skips ntfs_refresh_zone(), deferring the refresh to the next MFT operation, thus breaking the circular dependency and preventing the deadlock.

Impact Analysis

This vulnerability can cause a deadlock in the Linux kernel's ntfs3 driver, which may lead to system hangs or freezes when accessing NTFS file systems. Such deadlocks can degrade system stability and availability, potentially interrupting normal operations or causing delays in file system access.

Mitigation Strategies

The vulnerability is fixed by updating the Linux kernel to a version where the circular locking dependency in ntfs3 has been resolved.

Specifically, the fix involves changing the locking mechanism in run_unpack_ex() to use down_read_trylock() instead of down_read(), which prevents the deadlock by skipping ntfs_refresh_zone() if the lock is contended.

Therefore, the immediate mitigation step is to apply the kernel update that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart