CVE-2026-43245 - Vulnerability Details

- ntfs: ->d_compare() must not block

Description

In the Linux kernel, the following vulnerability has been resolved:

ntfs: ->d_compare() must not block

... so don't use __getname() there. Switch it (and ntfs_d_hash(), while
we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash()
almost certainly can do with smaller allocations, but let ntfs folks
deal with that - keep the allocation size as-is for now.

Stop abusing names_cachep in ntfs, period - various uses of that thing
in there have nothing to do with pathnames; just use k[mz]alloc() and
be done with that. For now let's keep sizes as-in, but AFAICS none of
the users actually want PATH_MAX.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s NTFS driver implemented a blocking allocation in the d_compare() function by calling __getname(), causing the kernel to sleep during path resolution. This behavior can stall kernel execution and initiate a denial‑of‑service cycle if exercised repeatedly. The patch replaces that call with non‑blocking kmalloc(PATH_MAX, GFP_NOWAIT), removing the ability for the kernel to block.

Affected Systems

Linux kernels that ship with NTFS support and have not yet incorporated the commit identified by the advisory. This encompasses any distribution using the standard kernel with NTFS enabled prior to the fix. No specific version range is listed, so all pre‑patch kernels are considered affected.

Risk and Exploitability

Because the issue relies on a blocking kernel call an attacker who can trigger ntfs->d_compare()—for example by performing certain file system operations on NTFS volumes—is likely able to cause a kernel stall, leading to a denial of service. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating no known widespread exploitation yet. The nature of the flaw and the lack of public exploitation data suggest that the primary risk is a DoS should the kernel be forced to sleep during NTFS operations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 142c444a395f4d26055c8a4473e228bb86283f1e
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< fb4b1f969ba01fa1d4088467a02fc1e5f0806710
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ca2a04e84af79596e5cd9cfe697d5122ec39c8ce

Linux

affected

Version	Status	Constraints
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,142c444a395f4d26055c8a4473e228bb86283f1e)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fb4b1f969ba01fa1d4088467a02fc1e5f0806710)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ca2a04e84af79596e5cd9cfe697d5122ec39c8ce)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to the latest version that includes the ntfs d_compare patch, which replaces the blocking __getname() call with a non‑blocking kmalloc, thereby addressing the resource management flaw.
If an upgrade is not feasible, unmount or mount all NTFS filesystems read‑only to limit operations that could trigger the blocking kernel call, reducing the potential for denial‑of‑service attacks.
As a temporary workaround, manually modify the ntfs module source to replace __getname() with kmalloc(PATH_MAX, GFP_NOWAIT) and remove unnecessary usage of names_cachep, directly fixing the allocation bug and preventing blocking.
Restrict who can load or configure NTFS filesystems to prevent privilege escalation that could trigger the resource exhaustion flaw, addressing access control bypass (CWE-1322).

Generated by OpenCVE AI on May 7, 2026 at 05:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/142c444a395f4d26055c8a4473e228bb86283f1e
https://git.kernel.org/stable/c/ca2a04e84af79596e5cd9cfe697d5122ec39c8ce
https://git.kernel.org/stable/c/fb4b1f969ba01fa1d4088467a02fc1e5f0806710
https://lore.kernel.org/linux-cve-announce/2026050601-CVE-2026-43245-6e9f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43245
https://www.cve.org/CVERecord?id=CVE-2026-43245

History

Thu, 07 May 2026 04:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-399

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1322
References		https://lore.kernel.org/linux-cve-announce/2026050601-CVE-2026-43245-6e9f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43245 https://www.cve.org/CVERecord?id=CVE-2026-43245

Wed, 06 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now. Stop abusing names_cachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. For now let's keep sizes as-in, but AFAICS none of the users actually want PATH_MAX.
Title		ntfs: ->d_compare() must not block
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/142c444a395f4d26055c8a4473e228bb86283f1e https://git.kernel.org/stable/c/ca2a04e84af79596e5cd9cfe697d5122ec39c8ce https://git.kernel.org/stable/c/fb4b1f969ba01fa1d4088467a02fc1e5f0806710

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:37.602Z

Updated: 2026-05-06T11:28:37.602Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43245

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:44.997

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43245

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43245 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T05:30:22Z

Weaknesses

CWE-1322

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object