CVE-2026-46072

A flaw was found in the Linux kernel's ntfs3 module. A local attacker, by mounting a specially crafted NTFS New Technology File System image containing truncated run data, could trigger an out-of-bounds heap read. This vulnerability allows for the disclosure of sensitive information from kernel...

Linux Distros Unpatched Vulnerability : CVE-2025-39734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Revert fs/ntfs3: Replace inodetrylock with inodelock This reverts commit...

CVE-2025-38615 fs/ntfs3: cancle set bad inode after removing name fails

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted ilink. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted...

CVE-2025-22080

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdrfirstde The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does...

CVE-2022-4842

A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attrpunchhole was found. A local user could use this flaw to crash the system...

CVE-2022-3238

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...