CVE-2026-43245

Source
https://cve.org/CVERecord?id=CVE-2026-43245
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43245.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43245
Downstream
Published
2026-05-06T11:28:37.602Z
Modified
2026-07-15T01:49:13.073393532Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
ntfs: ->d_compare() must not block
Details

In the Linux kernel, the following vulnerability has been resolved:

ntfs: ->d_compare() must not block

... so don't use __getname() there. Switch it (and ntfsdhash(), while we are at it) to kmalloc(PATHMAX, GFPNOWAIT). Yes, ntfsdhash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now.

Stop abusing namescachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. For now let's keep sizes as-in, but AFAICS none of the users actually want PATHMAX.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43245.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a3a956c78efaa202b1d75190136671cf6e87bfbe
Fixed
02ecc0978c459fd90bb24b2a946dd16d43e68fe5
Fixed
1be7ca86ce1794d966fda5d82181bc978b150fbc
Fixed
142c444a395f4d26055c8a4473e228bb86283f1e
Fixed
fb4b1f969ba01fa1d4088467a02fc1e5f0806710
Fixed
ca2a04e84af79596e5cd9cfe697d5122ec39c8ce

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43245.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43245.json"