CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-40067 – fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
https://notcve.org/view.php?id=CVE-2025-40067
28 Oct 2025 — If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image.
• https://git.kernel.org/stable/c/b35a50d639ca5259466ef5fea85529bb4fb17d5b
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2022-50442 – fs/ntfs3: Validate buffer length while parsing index
https://notcve.org/view.php?id=CVE-2022-50442
01 Oct 2025 —
exit_to_user_mode_prepare+0x49/0x180
[ 560.921867] __x64_sys_open+0x4c/0x60
[ 560.922128] do_syscall_64+0x3b/0x90
[ 560.922369] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 560.923030] RIP: 0033:0x7f7dff2e4469
[ 560.923681] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088
[ 560.924451] RSP: 002b:00007ffd41a210b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000002
[ 560.925168] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dff2e446...
• https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-53420 – ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
https://notcve.org/view.php?id=CVE-2023-53420
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]
BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710
Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632
Call Trace:
ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]
ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710
vfs_...
• https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074
CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2023-53294 – fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53294
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
Syzbot reported a null-ptr-deref bug:
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
RIP: 0010:d_flags_fo...
• https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2022-50336 – fs/ntfs3: Add null pointer check to attr_load_runs_vcn
https://notcve.org/view.php?id=CVE-2022-50336
15 Sep 2025 — This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS image.
• https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2022-50262 – fs/ntfs3: Validate BOOT record_size
https://notcve.org/view.php?id=CVE-2022-50262
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT record_size
When the NTFS BOOT record_size field < 0, it represents a shift value. However, there is no sanity check on the shift result and the sbi->record_bits calculation through blksize_bits() assumes the size always > 256, which could lead to NPD while mounting a malformed NTFS image.
• https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2022-49763 – ntfs: fix use-after-free in ntfs_attr_find()
https://notcve.org/view.php?id=CVE-2022-49763
01 May 2025 — This patch (of 3): Syzkaller reported use-after-free read as follows:
==================================================================
BUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
Read of size 2 at addr ffff88807e352009 by task syz-executor153/3607
[...]
Call Trace:
CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2022-49762 – ntfs: check overflow when iterating ATTR_RECORDs
https://notcve.org/view.php?id=CVE-2022-49762
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs
Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). ...
• https://git.kernel.org/stable/c/5559eb5809353a83a40a1e4e7f066431c7b83020
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2022-49553 – fs/ntfs3: validate BOOT sectors_per_clusters
https://notcve.org/view.php?id=CVE-2022-49553
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters
When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). ... /fs/ntfs3/super.c:673:16 shift exponent -192 is negative
• https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17
CVSS: - | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2022-49166 – ntfs: add sanity check on allocation size
https://notcve.org/view.php?id=CVE-2022-49166
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size
ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size.
• https://git.kernel.org/stable/c/bd8d7daa0e53b184a2f3c6e0d47330780d0a0650
