What is CVE-2026-45864?

CVE-2026-45864 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15 onward and patched in 5.15.202, 6.1.165, 6.6.128 and others. CVE-2026-45864 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-45864?

CVE-2026-45864 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-45864?

Yes, CVE-2026-45864 has been patched. Fixed versions include 5.15.202, 6.1.165, 6.6.128 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-45864 actively exploited?

CVE-2026-45864 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-45864

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1]. Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this. [1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244 inode_lock include/linux/fs.h:1027 [inline] ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284

Package Linux Kernel

Published 2026-05-27

Last modified 2026-05-27

Patch available

Yes

Affected versions

Linux kernel versions 5.15 and later are affected. Fixed in 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0 and their respective stable series.

Affected from

≥ 5.15

Fixed in

✓ 5.15.202 5.15.x ✓ 6.1.165 6.1.x ✓ 6.6.128 6.6.x ✓ 6.12.75 6.12.x ✓ 6.18.14 6.18.x ✓ 6.19.4 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-45864 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-45864?

CVE-2026-45864 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 5.15.202, 6.1.165, 6.6.128 and others. CVE-2026-45864 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-45864?

Yes — CVE-2026-45864 has been patched. Fixed versions include 5.15.202, 6.1.165, 6.6.128 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-45864 actively exploited?

No — CVE-2026-45864 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.