GHSA-WH65-53HG-MXPV

Vulnerability from github – Published: 2025-09-07 18:31 – Updated: 2025-11-03 18:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

Revert "fs/ntfs3: Replace inode_trylock with inode_lock"

This reverts commit 69505fe98f198ee813898cbcaf6770949636430b.

Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal testing. The deadlock reported by syzbot is resolved by reintroducing conditional acquisition. The xfstest bug no longer occurs on kernel version 6.16-rc1 during internal testing. I assume that changes in other modules may have contributed to this.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-39734"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-07T16:15:50Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"fs/ntfs3: Replace inode_trylock with inode_lock\"\n\nThis reverts commit 69505fe98f198ee813898cbcaf6770949636430b.\n\nInitially, conditional lock acquisition was removed to fix an xfstest bug\nthat was observed during internal testing. The deadlock reported by syzbot\nis resolved by reintroducing conditional acquisition. The xfstest bug no\nlonger occurs on kernel version 6.16-rc1 during internal testing. I\nassume that changes in other modules may have contributed to this.",
  "id": "GHSA-wh65-53hg-mxpv",
  "modified": "2025-11-03T18:31:40Z",
  "published": "2025-09-07T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39734"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1903a6c1f2818154f6bc87bceaaecafa92b6ac5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ce6f83ca9d52c9245b7a017466fc4baa1241b0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a49f0abd8959048af18c6c690b065eb0d65b2d21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a936be9b5f51c4d23f66fb673e9068c6b08104a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b356ee013a79e7e3147bfe065de376706c5d2ee9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd20733746263acaaf2a21881665db27ee4303d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bec8109f957a6e193e52d1728799994c8005ca83"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.