CVSS: 7.1 EPSS: 0% CPEs: 4 EXPL: 0
CVE-2025-71067 – ntfs: set dummy blocksize to read boot_block when mounting
https://notcve.org/view.php?id=CVE-2025-71067
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ntfs: set dummy blocksize to read boot_block when mounting When mounting, sb->s_blocksize is used to read the boot_block without being defined or validated. ... [almaz.alexandrovich@paragon-software.com: changed comment style, added return value handling] • https://git.kernel.org/stable/c/28861e3bbd9e7ac4cd9c811aad71b4d116e27930 •
CVSS: 7.1 EPSS: 0% CPEs: 4 EXPL: 0
CVE-2022-50737 – fs/ntfs3: Validate index root when initialize NTFS security
https://notcve.org/view.php?id=CVE-2022-50737
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index roots are legit. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 7.8 EPSS: 0% CPEs: 6 EXPL: 0
CVE-2025-40067 – fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
https://notcve.org/view.php?id=CVE-2025-40067
28 Oct 2025 — If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image. ... • https://git.kernel.org/stable/c/b35a50d639ca5259466ef5fea85529bb4fb17d5b •
CVSS: 7.1 EPSS: 0% CPEs: 4 EXPL: 0
CVE-2022-50442 – fs/ntfs3: Validate buffer length while parsing index
https://notcve.org/view.php?id=CVE-2022-50442
01 Oct 2025 — exit_to_user_mode_prepare+0x49/0x180
[ 560.921867] __x64_sys_open+0x4c/0x60
[ 560.922128] do_syscall_64+0x3b/0x90
[ 560.922369] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 560.923030] RIP: 0033:0x7f7dff2e4469
[ 560.923681] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088
[ 560.924451] RSP: 002b:00007ffd41a210b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000002
[ 560.925168] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dff2e446...
• https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.8 EPSS: 0% CPEs: 4 EXPL: 0
CVE-2023-53420 – ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
https://notcve.org/view.php?id=CVE-2023-53420
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_... • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 • CWE-125: Out-of-bounds Read •
CVSS: 5.5 EPSS: 0% CPEs: 5 EXPL: 0
CVE-2023-53294 – fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53294
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Syzbot reported a null-ptr-deref bug: ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:d_flags_fo... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1 EPSS: 0% CPEs: 4 EXPL: 0
CVE-2022-50336 – fs/ntfs3: Add null pointer check to attr_load_runs_vcn
https://notcve.org/view.php?id=CVE-2022-50336
15 Sep 2025 — This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS image. • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.8 EPSS: 0% CPEs: 4 EXPL: 0
CVE-2022-50262 – fs/ntfs3: Validate BOOT record_size
https://notcve.org/view.php?id=CVE-2022-50262
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT record_size When the NTFS BOOT record_size field < 0, it represents a shift value. However, there is no sanity check on the shift result and the sbi->record_bits calculation through blksize_bits() assumes the size always > 256, which could lead to NPD while mounting a malformed NTFS image. • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.1 EPSS: 0% CPEs: 8 EXPL: 0
CVE-2022-49763 – ntfs: fix use-after-free in ntfs_attr_find()
https://notcve.org/view.php?id=CVE-2022-49763
01 May 2025 — This patch (of 3): Syzkaller reported use-after-free read as follows: ================================================================== BUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597 Read of size 2 at addr ffff88807e352009 by task syz-executor153/3607 [...] Call Trace:
CVSS: 7.8 EPSS: 0% CPEs: 8 EXPL: 0
CVE-2022-49762 – ntfs: check overflow when iterating ATTR_RECORDs
https://notcve.org/view.php?id=CVE-2022-49762
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
