CVE-2025-71309
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
In the Linux kernel, a deadlock was found in the ni_read_folio_cmpr function of the NTFS3 file system. The issue is caused by a lock inversion between the inode mutex (ni_lock) and page locks, leading to a deadlock between two tasks. The fix restructures locking: ni_lock is no longer taken in ntfs_read_folio(), but only after all page locks for the compressed frame have been acquired.
Risk Assessment
The deadlock can cause processes reading files on an NTFS3 partition to hang, potentially leading to system unresponsiveness or application crashes.
Recommendation
Update the Linux kernel to a version containing the fix (commit resolving the issue). If an update is not possible, consider temporarily disabling compression in NTFS3 or limiting read operations on NTFS3 partitions.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is caused by a lock inversion deadlock involving the inode mutex (ni_lock) and page locks. Scenario: 1. Task A enters ntfs_read_folio() for page X. It acquires ni_lock. 2. Task A calls ni_read_folio_cmpr(), which attempts to lock all pages in the compressed frame (including page Y). 3. Concurrently, Task B (e.g., via readahead) has locked page Y and calls ntfs_read_folio(). 4. Task B waits for ni_lock (held by A). 5. Task A waits for page Y lock (held by B). -> DEADLOCK. The fix is to restructure locking: do not take ni_lock in ntfs_read_folio(). Instead, acquire ni_lock inside ni_read_folio_cmpr() ONLY AFTER all required page locks for the frame have been successfully acquired. This restores the correct lock ordering (Page Lock -> ni_lock) consistent with VFS. [[email protected]: ni_readpage_cmpr was renamed to ni_read_folio_cmpr]

