CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2026-43245 – ntfs: ->d_compare() must not block
https://notcve.org/view.php?id=CVE-2026-43245
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. ... Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal with that - keep the allocation size as-is for now. Stop abusing names_cachep in ntfs, period - various uses of that thing in there have nothing to do with pathnames; just use k[mz]alloc() and be done with that. • https://git.kernel.org/stable/c/a3a956c78efaa202b1d75190136671cf6e87bfbe •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-71267 – fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
https://notcve.org/view.php?id=CVE-2025-71267
18 Mar 2026 — A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it. • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-71265 – fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
https://notcve.org/view.php?id=CVE-2025-71265
18 Mar 2026 — A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. ... • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 •
CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-71067 – ntfs: set dummy blocksize to read boot_block when mounting
https://notcve.org/view.php?id=CVE-2025-71067
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ntfs: set dummy blocksize to read boot_block when mounting When mounting, sb->s_blocksize is used to read the boot_block without being defined or validated. ... [almaz.alexandrovich@paragon-software.com: changed comment style, added return value handling] • https://git.kernel.org/stable/c/28861e3bbd9e7ac4cd9c811aad71b4d116e27930 •
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-50737 – fs/ntfs3: Validate index root when initialize NTFS security
https://notcve.org/view.php?id=CVE-2022-50737
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-40067 – fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
https://notcve.org/view.php?id=CVE-2025-40067
28 Oct 2025 — If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image. • https://git.kernel.org/stable/c/b35a50d639ca5259466ef5fea85529bb4fb17d5b •
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-50442 – fs/ntfs3: Validate buffer length while parsing index
https://notcve.org/view.php?id=CVE-2022-50442
01 Oct 2025 • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2023-53420 – ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
https://notcve.org/view.php?id=CVE-2023-53420
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_... • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 • CWE-125: Out-of-bounds Read •
CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-53294 – fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53294
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Syzbot reported a null-ptr-deref bug: ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:d_flags_fo... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-50336 – fs/ntfs3: Add null pointer check to attr_load_runs_vcn
https://notcve.org/view.php?id=CVE-2022-50336
15 Sep 2025 — This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS image. • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
