FKIE_CVE-2025-68369

Vulnerability from fkie_nvd - Published: 2025-12-24 11:16 - Updated: 2026-06-17 09:59
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot. Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered. Add the run_lock initialization when loading $Extend. syzbot reported: INFO: trying to register non-static key. Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590 ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860 ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387 ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/19164d8228317f3f1fe2662a9ba587cfe3b2d29e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/433d1f7c628c3cbdd7efce064d6c7acd072cf6c4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6e17555728bc469d484c59db4a0abc65c19bc315
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/79c8a77b1782e2ace96d063be3c41ba540d1e20a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/907bf69c6b6ce5d038eec7a599d67b45b62624bc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ab5e8ebeee1caa4fcf8be7d8d62c0a7165469076
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/be99c62ac7e7af514e4b13f83c891a3cccefaa48
Impacted products
Vendor Product Version
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "79c8a77b1782e2ace96d063be3c41ba540d1e20a",
              "status": "affected",
              "version": "63eb6730ce0604d3eacf036c2f68ea70b068317c",
              "versionType": "git"
            },
            {
              "lessThan": "433d1f7c628c3cbdd7efce064d6c7acd072cf6c4",
              "status": "affected",
              "version": "78d46f5276ed3589aaaa435580068c5b62efc921",
              "versionType": "git"
            },
            {
              "lessThan": "907bf69c6b6ce5d038eec7a599d67b45b62624bc",
              "status": "affected",
              "version": "17249b2a65274f73ed68bcd1604e08a60fd8a278",
              "versionType": "git"
            },
            {
              "lessThan": "6e17555728bc469d484c59db4a0abc65c19bc315",
              "status": "affected",
              "version": "37f65e68ba9852dc51c78dbb54a9881c3f0fe4f7",
              "versionType": "git"
            },
            {
              "lessThan": "19164d8228317f3f1fe2662a9ba587cfe3b2d29e",
              "status": "affected",
              "version": "57534db1bbc4ca772393bb7d92e69d5e7b9051cf",
              "versionType": "git"
            },
            {
              "lessThan": "ab5e8ebeee1caa4fcf8be7d8d62c0a7165469076",
              "status": "affected",
              "version": "4e8011ffec79717e5fdac43a7e79faf811a384b7",
              "versionType": "git"
            },
            {
              "lessThan": "be99c62ac7e7af514e4b13f83c891a3cccefaa48",
              "status": "affected",
              "version": "4e8011ffec79717e5fdac43a7e79faf811a384b7",
              "versionType": "git"
            },
            {
              "lessThan": "5.15.198",
              "status": "affected",
              "version": "5.15.197",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.160",
              "status": "affected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.120",
              "status": "affected",
              "version": "6.6.117",
              "versionType": "semver"
            },
            {
              "lessThan": "6.12.63",
              "status": "affected",
              "version": "6.12.58",
              "versionType": "semver"
            },
            {
              "lessThan": "6.17.13",
              "status": "affected",
              "version": "6.17.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.18"
            },
            {
              "lessThan": "6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: init run lock for extend inode\n\nAfter setting the inode mode of $Extend to a regular file, executing the\ntruncate system call will enter the do_truncate() routine, causing the\nrun_lock uninitialized error reported by syzbot.\n\nPrior to patch 4e8011ffec79, if the inode mode of $Extend was not set to\na regular file, the do_truncate() routine would not be entered.\n\nAdd the run_lock initialization when loading $Extend.\n\nsyzbot reported:\nINFO: trying to register non-static key.\nCall Trace:\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984\n register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299\n __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112\n lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868\n down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590\n ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860\n ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387\n ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808"
    }
  ],
  "id": "CVE-2025-68369",
  "lastModified": "2026-06-17T09:59:00.870",
  "metrics": {},
  "published": "2025-12-24T11:16:00.470",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/19164d8228317f3f1fe2662a9ba587cfe3b2d29e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/433d1f7c628c3cbdd7efce064d6c7acd072cf6c4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6e17555728bc469d484c59db4a0abc65c19bc315"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/79c8a77b1782e2ace96d063be3c41ba540d1e20a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/907bf69c6b6ce5d038eec7a599d67b45b62624bc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ab5e8ebeee1caa4fcf8be7d8d62c0a7165469076"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/be99c62ac7e7af514e4b13f83c891a3cccefaa48"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Deferred"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.