Skip to main content

Linux Kernel EUVDEUVD-2026-27806

| CVE-2026-43245 HIGH
2026-05-06 Linux GHSA-mq97-h32x-42x9
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:42 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.5 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ntfs: ->d_compare() must not block

... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now.

Stop abusing names_cachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. For now let's keep sizes as-in, but AFAICS none of the users actually want PATH_MAX.

AnalysisAI

Kernel panic or denial of service occurs in the NTFS filesystem driver when d_compare() operations block on memory allocation. Linux kernel versions from mainline commit 1da177e4c3f4 through 6.18.x, 6.19.x, and early 7.0 are affected. The vulnerability stems from improper use of __getname() within the d_compare() function which can block, violating kernel locking requirements and causing system instability under memory pressure. EPSS score of 0.02% (4th percentile) indicates low observed exploitation likelihood. Vendor patches available for versions 6.18.16, 6.19.6, and 7.0.

Technical ContextAI

The Linux kernel NTFS filesystem driver implements custom dentry comparison functions (d_compare and d_hash) for case-insensitive filename operations. The ->d_compare() callback operates within kernel dentry cache (dcache) paths that hold critical spinlocks and must execute atomically without sleeping. The vulnerable code incorrectly called __getname(), which allocates from the names_cachep slab cache using GFP_KERNEL flags, allowing the allocation to block and sleep. This violates the non-blocking requirement of d_compare operations. Under memory pressure, this can trigger 'scheduling while atomic' kernel bugs or deadlocks. The fix replaces __getname() with kmalloc(PATH_MAX, GFP_NOWAIT) to ensure atomic allocation behavior. The vulnerability also reflects broader misuse of the names_cachep allocator throughout NTFS code for non-pathname data structures.

RemediationAI

Update to patched Linux kernel versions: 6.18.16, 6.19.6, or 7.0 and later. Upstream patches available at https://git.kernel.org/stable/c/142c444a395f4d26055c8a4473e228bb86283f1e (6.18), https://git.kernel.org/stable/c/fb4b1f969ba01fa1d4088467a02fc1e5f0806710 (6.19), and https://git.kernel.org/stable/c/ca2a04e84af79596e5cd9cfe697d5122ec39c8ce (7.0 mainline). Distribution-specific updates should be applied via standard package management (apt, yum, dnf). If immediate patching is not feasible, disable NTFS filesystem support by blacklisting the ntfs kernel module (echo 'blacklist ntfs' >> /etc/modprobe.d/blacklist.conf) and unmounting any NTFS volumes. This workaround prevents exploitation but eliminates NTFS functionality. For systems requiring NTFS read capability, consider using ntfs-3g FUSE driver instead of kernel driver as temporary mitigation, though this introduces performance overhead. Reboot required after kernel update or module blacklisting. No known configuration-based mitigations exist that preserve NTFS kernel driver functionality.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27806 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy