CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel up to version 6.2.7, fs/ntfs3/inode.c contains an invalid kfree function because it does not validate the MFT flags before replaying logs...

7.8CVSS7AI score0.00017EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a heap buffer overflow when a specially crafted NTFS attribute is set up using the function ntfsattrsetupflag. This could allow code execution and an escalation of privileges...

7.8CVSS7.3AI score0.00145EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed the missing iop in ntfsreadmft. There is a null pointer dereference issue because iop == NULL. The bug occurs because we do not initialize iop for records in $Extend$...

5.5CVSS5.7AI score0.00049EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в ntfs-3g

In NTFS-3G versions before 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfsgetattributevalue, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access, which can be...

7.8CVSS6.9AI score0.00037EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010744)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010744 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...

7.8CVSS7.2AI score0.00017EPSS

Exploits0References3

NVD•added 2025/12/30 1:15 p.m.•3 views

CVE-2022-50841

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

0.00036EPSS

Cvelist•added 2025/12/30 12:10 p.m.•20 views

CVE-2022-50841 fs/ntfs3: Add overflow check for attribute size

0.00036EPSS

EUVD•added 2025/12/24 3:30 p.m.•3 views

EUVD-2023-60368

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

6AI score0.00029EPSS

CVE•added 2025/12/24 1:5 p.m.•16 views

CVE-2022-50739

The connected docs confirm CVE-2022-50739 affects the Linux kernel's ntfs3 filesystem. Root cause: missing validation of inode's i_op pointer after reading the Root directory MFT, which can cause a NULL pointer dereference when mounting an image with a malformed Root directory MFT record. The fix...

5.8AI score0.00028EPSS

CNNVD•added 2025/12/24 12:0 a.m.•2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to clear the allocated run buffer when reading MFT fails, which could lead to a memory leak...

6.2AI score0.00029EPSS

Positive Technologies•added 2025/12/24 12:0 a.m.•2 views

PT-2025-53105

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc4 Description The Linux kernel contains a flaw in the NTFS3 file system implementation. Specifically, a missing null pointer check for inode operations can lead to a kernel null pointer dereference when...

6.4AI score0.00028EPSS

Exploits0References9

SUSE CVE•added 2025/10/29 12:24 a.m.•2 views

SUSE CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

5.5CVSS6.6AI score0.00062EPSS

Exploits0References3

OSV•added 2025/10/28 12:15 p.m.•4 views

AZL-68933 CVE-2025-40068 affecting package kernel for versions less than 6.6.112.1-2

5.8AI score0.00062EPSS

Exploits0References1

CVE•added 2025/10/28 11:48 a.m.•16 views

CVE-2025-40068

The CVE-2025-40068 entry is supported by multiple connected advisories confirming a concrete Linux kernel issue in the ntfs3 subsystem. The vulnerability stems from an overflow in the run_unpack() path that decodes the MFT runlist (used to map virtual clusters to logical clusters). Because values...

6.3AI score0.00062EPSS

Cvelist•added 2025/10/28 11:48 a.m.•3 views

CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()

0.00062EPSS

Cvelist•added 2025/09/15 2:49 p.m.•5 views

CVE-2022-50336 fs/ntfs3: Add null pointer check to attr_load_runs_vcn

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check to attrloadrunsvcn Some metadata files are handled before MFT. This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS...

0.00022EPSS