In the Linux kernel, the following vulnerability has been resolved:
ntfs3: fix circular locking dependency in rununpackex
Syzbot reported a circular locking dependency between wnd->rwlock (sbi->used.bitmap) and ni->file.runlock.
The deadlock scenario: 1. ntfsextendmft() takes ni->file.runlock then wnd->rwlock. 2. rununpackex() takes wnd->rwlock then tries to acquire ni->file.runlock inside ntfsrefreshzone().
This creates an AB-BA deadlock.
Fix this by using downreadtrylock() instead of downread() when acquiring runlock in rununpackex(). If the lock is contended, skip ntfsrefreshzone() - the MFT zone will be refreshed on the next MFT operation. This breaks the circular dependency since we never block waiting for runlock while holding wnd->rwlock.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43127.json",
"cna_assigner": "Linux"
}