GHSA-9M7W-275G-V9X3
Vulnerability from github – Published: 2025-12-24 12:30 – Updated: 2025-12-24 12:30In the Linux kernel, the following vulnerability has been resolved:
ntfs3: init run lock for extend inode
After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot.
Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered.
Add the run_lock initialization when loading $Extend.
syzbot reported: INFO: trying to register non-static key. Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590 ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860 ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387 ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
{
"affected": [],
"aliases": [
"CVE-2025-68369"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T11:16:00Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: init run lock for extend inode\n\nAfter setting the inode mode of $Extend to a regular file, executing the\ntruncate system call will enter the do_truncate() routine, causing the\nrun_lock uninitialized error reported by syzbot.\n\nPrior to patch 4e8011ffec79, if the inode mode of $Extend was not set to\na regular file, the do_truncate() routine would not be entered.\n\nAdd the run_lock initialization when loading $Extend.\n\nsyzbot reported:\nINFO: trying to register non-static key.\nCall Trace:\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984\n register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299\n __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112\n lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868\n down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590\n ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860\n ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387\n ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808",
"id": "GHSA-9m7w-275g-v9x3",
"modified": "2025-12-24T12:30:29Z",
"published": "2025-12-24T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68369"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19164d8228317f3f1fe2662a9ba587cfe3b2d29e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e17555728bc469d484c59db4a0abc65c19bc315"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab5e8ebeee1caa4fcf8be7d8d62c0a7165469076"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be99c62ac7e7af514e4b13f83c891a3cccefaa48"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.