CVE-2026-45864

Source
https://cve.org/CVERecord?id=CVE-2026-45864
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45864.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45864
Downstream
Published
2026-05-27T12:15:43.807Z
Modified
2026-06-27T11:55:11.637381660Z
Summary
fs/ntfs3: prevent infinite loops caused by the next valid being the same
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: prevent infinite loops caused by the next valid being the same

When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1].

Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this.

[1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbasewritelock+0x14f/0x750 kernel/locking/rwbasert.c:244 inodelock include/linux/fs.h:1027 [inline] ntfsfilewrite_iter+0xe6/0x870 fs/ntfs3/file.c:1284

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45864.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4342306f0f0d5ff4315a204d315c1b51b914fca5
Fixed
50c822fcb36768f1fb356f05b02a2248ef81936d
Fixed
6d93239b4fc479f7c0a412dd196ec0ca2672d14a
Fixed
71c8b966ec56e13c02388c1312910588bb49be7a
Fixed
b97e371e5d1c13d722335d46eb8bc1a22b272a0e
Fixed
4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4
Fixed
a47a2bb9aa6455d5cee1045814a60c749309c92b
Fixed
27b75ca4e51e3e4554dc85dbf1a0246c66106fd3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45864.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45864.json"