CVE-2025-39734
Published: September 8, 2025Last modified: September 8, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal testing. The deadlock reported by syzbot is resolved by reintroducing conditional acquisition. The xfstest bug no longer occurs on kernel version 6.16-rc1 during internal testing. I assume that changes in other modules may have contributed to this.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.151-r0) |
| 25 LTS | linux-lts | Fixed (6.12.44-r0) | |
| Stream | linux-lts | Fixed (6.12.43-r0) |
References
- https://git.kernel.org/stable/c/1903a6c1f2818154f6bc87bceaaecafa92b6ac5c
- https://git.kernel.org/stable/c/7ce6f83ca9d52c9245b7a017466fc4baa1241b0b
- https://git.kernel.org/stable/c/a49f0abd8959048af18c6c690b065eb0d65b2d21
- https://git.kernel.org/stable/c/a936be9b5f51c4d23f66fb673e9068c6b08104a4
- https://git.kernel.org/stable/c/b356ee013a79e7e3147bfe065de376706c5d2ee9
- https://git.kernel.org/stable/c/bd20733746263acaaf2a21881665db27ee4303d5
- https://git.kernel.org/stable/c/bec8109f957a6e193e52d1728799994c8005ca83
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html