CVE-2026-45864 - Vulnerability Details

- fs/ntfs3: prevent infinite loops caused by the next valid being the same

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: prevent infinite loops caused by the next valid being the same

When processing valid within the range [valid : pos), if valid cannot
be retrieved correctly, for example, if the retrieved valid value is
always the same, this can trigger a potential infinite loop, similar
to the hung problem reported by syzbot [1].

Adding a check for the valid value within the loop body, and terminating
the loop and returning -EINVAL if the value is the same as the current
value, can prevent this.

[1]
INFO: task syz.4.21:6056 blocked for more than 143 seconds.
Call Trace:
rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244
inode_lock include/linux/fs.h:1027 [inline]
ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284

Published: 2026-05-27

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability occurs in the Linux kernel's NTFS3 filesystem driver. When processing a range of valid offsets during a write operation, the code fails to detect when the computed "valid" value remains unchanged. As a consequence, the loop can iterate endlessly, potentially hanging the kernel. The defect corresponds to a resource exhaustion weakness (CWE-770). The result is a denial of service, where an attacker who can supply a maliciously crafted NTFS volume can render the system unresponsive.

Affected Systems

The flaw affects all Linux kernel releases that include the ntfs3 driver prior to the applied patch. No specific kernel versions are listed in the CNA data; any kernel running ntfs3 without the fix may be vulnerable.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires local access to mount or write to an NTFS3 filesystem, as the flaw is triggered during write operations. An attacker can craft an NTFS volume that causes the driver to loop indefinitely, provoking a kernel hang. The patch prevents the loop by terminating with -EINVAL when the computed "valid" value repeats.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< 50c822fcb36768f1fb356f05b02a2248ef81936d
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< 6d93239b4fc479f7c0a412dd196ec0ca2672d14a
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< 71c8b966ec56e13c02388c1312910588bb49be7a
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< b97e371e5d1c13d722335d46eb8bc1a22b272a0e
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< 4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< a47a2bb9aa6455d5cee1045814a60c749309c92b
`4342306f0f0d5ff4315a204d315c1b51b914fca5`	affected	< 27b75ca4e51e3e4554dc85dbf1a0246c66106fd3

Linux

affected

Version	Status	Constraints
`5.15`	affected	—
`0`	unaffected	< 5.15
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,50c822fcb36768f1fb356f05b02a2248ef81936d)`	affected	code_commit	—
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,6d93239b4fc479f7c0a412dd196ec0ca2672d14a)`	affected	code_commit	—
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,71c8b966ec56e13c02388c1312910588bb49be7a)`	affected	code_commit	—
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,b97e371e5d1c13d722335d46eb8bc1a22b272a0e)`	affected	code_commit	—
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4)`	affected	code_commit	—
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,a47a2bb9aa6455d5cee1045814a60c749309c92b)`	affected	code_commit	—
`[4342306f0f0d5ff4315a204d315c1b51b914fca5,27b75ca4e51e3e4554dc85dbf1a0246c66106fd3)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.15`	affected	generic	—
`[0,5.15)`	unaffected	generic	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the kernel to a version that includes the patch adding the check for the "valid" value and returning -EINVAL if unchanged.
If the system cannot upgrade immediately, disable the ntfs3 module or restrict write access to NTFS3 filesystems until a patch is applied.
Monitor for hangs after writing to NTFS volumes and reboot promptly if the kernel becomes unresponsive.

Generated by OpenCVE AI on May 28, 2026 at 13:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00205.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3
https://git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4
https://git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d
https://git.kernel.org/stable/c/6d93239b4fc479f7c0a412dd196ec0ca2672d14a
https://git.kernel.org/stable/c/71c8b966ec56e13c02388c1312910588bb49be7a
https://git.kernel.org/stable/c/a47a2bb9aa6455d5cee1045814a60c749309c92b
https://git.kernel.org/stable/c/b97e371e5d1c13d722335d46eb8bc1a22b272a0e
https://lore.kernel.org/linux-cve-announce/2026052711-CVE-2026-45864-96c6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45864
https://www.cve.org/CVERecord?id=CVE-2026-45864

History

Thu, 28 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-606
References		https://lore.kernel.org/linux-cve-announce/2026052711-CVE-2026-45864-96c6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45864 https://www.cve.org/CVERecord?id=CVE-2026-45864
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 27 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-767 CWE-770

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1]. Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this. [1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244 inode_lock include/linux/fs.h:1027 [inline] ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284
Title		fs/ntfs3: prevent infinite loops caused by the next valid being the same
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3 https://git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4 https://git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d https://git.kernel.org/stable/c/6d93239b4fc479f7c0a412dd196ec0ca2672d14a https://git.kernel.org/stable/c/71c8b966ec56e13c02388c1312910588bb49be7a https://git.kernel.org/stable/c/a47a2bb9aa6455d5cee1045814a60c749309c92b https://git.kernel.org/stable/c/b97e371e5d1c13d722335d46eb8bc1a22b272a0e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:43.807Z

Updated: 2026-05-27T12:15:43.807Z

Reserved: 2026-05-13T15:03:33.080Z

Link: CVE-2026-45864

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:58.667

Modified: 2026-06-17T10:52:37.837

Link: CVE-2026-45864

Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45864 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T13:45:14Z

Weaknesses

CWE-606
Unchecked Input for Loop Condition
CWE-767
Access to Critical Private Variable via Public Method
CWE-770
Allocation of Resources Without Limits or Throttling

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object