CVE-2026-43245
Analyzed Analyzed - Analysis Complete
Linux kernel NTFS d_compare blocking vulnerability

Publication date: 2026-05-06

Last updated on: 2026-05-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now. Stop abusing names_cachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. For now let's keep sizes as-in, but AFAICS none of the users actually want PATH_MAX.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-23
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43245
EUVD
EUVD-2026-27806
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.2 (inc) to 6.18.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability relates to the Linux kernel's handling of NTFS filesystem operations, specifically in the ->d_compare() function and related code. The issue involves improper blocking behavior and misuse of memory allocation functions, which could potentially lead to stability or performance problems in the kernel when dealing with NTFS filesystems.

While the exact impact is not detailed, such kernel-level issues can cause system crashes, hangs, or unexpected behavior when accessing NTFS filesystems, potentially affecting system reliability.

Executive Summary

This vulnerability in the Linux kernel relates to the NTFS filesystem code, specifically the ->d_compare() function. The issue is that ->d_compare() must not block, but it was using __getname(), which can block. The fix involves switching to kmalloc(PATH_MAX, GFP_NOWAIT) for memory allocation to avoid blocking. Additionally, the code stops misusing the names_cachep cache in NTFS, replacing it with proper memory allocation methods like kmalloc or kzalloc.

Mitigation Strategies

The vulnerability has been resolved in the Linux kernel by modifying the ntfs module to avoid blocking in ->d_compare() and by switching memory allocation methods to kmalloc(PATH_MAX, GFP_NOWAIT).

To mitigate this vulnerability, you should update your Linux kernel to the version that includes this fix.

Compliance Impact

There is no information provided about the impact of this vulnerability on compliance with standards or regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43245. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart