Linux Kernel ntfs3 run_lock init flaw in truncate
CVE-2025-68369 Published on December 24, 2025
ntfs3: init run lock for extend inode
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: init run lock for extend inode
After setting the inode mode of $Extend to a regular file, executing the
truncate system call will enter the do_truncate() routine, causing the
run_lock uninitialized error reported by syzbot.
Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to
a regular file, the do_truncate() routine would not be entered.
Add the run_lock initialization when loading $Extend.
syzbot reported:
INFO: trying to register non-static key.
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860
ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387
ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
Products Associated with CVE-2025-68369
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Linux Kernel. Just hit a watch button to start following.
Affected Versions
Linux:- Version 63eb6730ce0604d3eacf036c2f68ea70b068317c and below 79c8a77b1782e2ace96d063be3c41ba540d1e20a is affected.
- Version 78d46f5276ed3589aaaa435580068c5b62efc921 and below 433d1f7c628c3cbdd7efce064d6c7acd072cf6c4 is affected.
- Version 17249b2a65274f73ed68bcd1604e08a60fd8a278 and below 907bf69c6b6ce5d038eec7a599d67b45b62624bc is affected.
- Version 37f65e68ba9852dc51c78dbb54a9881c3f0fe4f7 and below 6e17555728bc469d484c59db4a0abc65c19bc315 is affected.
- Version 57534db1bbc4ca772393bb7d92e69d5e7b9051cf and below 19164d8228317f3f1fe2662a9ba587cfe3b2d29e is affected.
- Version 4e8011ffec79717e5fdac43a7e79faf811a384b7 and below ab5e8ebeee1caa4fcf8be7d8d62c0a7165469076 is affected.
- Version 4e8011ffec79717e5fdac43a7e79faf811a384b7 and below be99c62ac7e7af514e4b13f83c891a3cccefaa48 is affected.
- Version 6.18 is affected.
- Before 6.18 is unaffected.
- Version 5.15.198, <= 5.15.* is unaffected.
- Version 6.1.160, <= 6.1.* is unaffected.
- Version 6.6.120, <= 6.6.* is unaffected.
- Version 6.12.63, <= 6.12.* is unaffected.
- Version 6.17.13, <= 6.17.* is unaffected.
- Version 6.18.2, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.