Skip to main content

Linux Kernel EUVDEUVD-2026-32330

| CVE-2026-45864 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-g925-qgm3-hc5p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local write access to an ntfs3-mounted volume required (AV:L/PR:L); pure availability impact via kernel hang with no confidentiality or integrity exposure.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:26 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: prevent infinite loops caused by the next valid being the same

When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1].

Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this.

[1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244 inode_lock include/linux/fs.h:1027 [inline] ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284

AnalysisAI

Infinite loop denial of service in the Linux kernel's ntfs3 filesystem driver allows a local low-privileged user to hang the kernel's I/O subsystem by triggering a non-terminating loop in the file write path. The flaw in ntfs_file_write_iter (fs/ntfs3/file.c:1284) occurs when iterating over the valid data range [valid:pos) during a write operation - if the valid pointer fails to advance (returning the same value), the loop condition is never satisfied and the inode lock is held indefinitely, causing a full write-path hang. No active exploitation has been identified (absent from CISA KEV) and EPSS of 0.02% at the 7th percentile confirms negligible observed exploitation activity; a patch is available across all affected stable branches.

Technical ContextAI

The vulnerability resides in the ntfs3 kernel driver (fs/ntfs3/file.c), a native in-tree NTFS read/write driver introduced in Linux 5.15 as a replacement for the legacy FUSE-based ntfs-3g. The root cause is CWE-835 (Loop with Unreachable Exit Condition): during ntfs_file_write_iter, the code iterates over the range of 'valid' (already-written) bytes to process a new write, but does not verify that the valid retrieval function actually returns a new, advancing value each iteration. If the underlying metadata retrieval returns the same valid offset repeatedly - as can occur with a corrupted or specially crafted NTFS volume - the exit condition is structurally unreachable and the loop spins indefinitely. The syzbot fuzzer (Google's syzkaller infrastructure) discovered and reported this, producing a reproducible call trace showing rwbase_write_lock → inode_lock → ntfs_file_write_iter blocked for over 143 seconds. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*.

RemediationAI

The primary fix is to upgrade to the patched stable kernel release for the running branch: 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, or 6.19.4. Patch commits are available at git.kernel.org/stable with the exact hashes listed in references (e.g., https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3 for the 5.15 branch). For systems that cannot be patched immediately and do not require NTFS3 support, blacklisting the ntfs3 module (echo 'blacklist ntfs3' > /etc/modprobe.d/ntfs3-blacklist.conf && update-initramfs -u) eliminates the attack surface entirely, with the trade-off of losing NTFS3 read/write capability (ntfs-3g FUSE can serve as a fallback). For systems requiring ntfs3 mounts, restricting mount access to privileged users via fstab (user flag removal, root-only mounts) reduces exposure to insider threats but does not constitute a full mitigaton since the kernel driver remains loaded. The EUVD advisory EUVD-2026-32330 and NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-45864 provide additional tracking.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32330 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy