CVE-2026-43127
Description
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: fix circular locking dependency in run_unpack_ex
Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock.
The deadlock scenario: 1. ntfs_extend_mft() takes ni->file.run_lock then wnd->rw_lock. 2. run_unpack_ex() takes wnd->rw_lock then tries to acquire ni->file.run_lock inside ntfs_refresh_zone().
This creates an AB-BA deadlock.
Fix this by using down_read_trylock() instead of down_read() when acquiring run_lock in run_unpack_ex(). If the lock is contended, skip ntfs_refresh_zone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for run_lock while holding wnd->rw_lock.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords5 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-vmware-6.12
< 6.12.85-r2+ 4 more
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
Patches
Vulnerability mechanics
References
3News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026