CVE-2025-71309

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a memory leak that occurred when ntfsreadmft failed. When the label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, the next attribute will go to the label ATTRALLOC, resulting in an...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - ntfs: Added a sanity check on the allocation size. - ntfsread inodemount calls ntfsmallocnofs with an allocation size of zero. This triggers a bug in the ntfsmalloc function. This issue has been fixed by adding a sanity chec...

MiracleLinux 8 : grub2-2.02-156.el8.ML.1 (AXSA:2024-8448:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8448:04 advisory. grub2: grub2-set-bootflag can be abused by local pseudo-users CVE-2024-1048 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code...

CVE-2023-54077

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

CVE-2023-54077

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

CVE-2023-54077 fs/ntfs3: Fix memory leak if ntfs_read_mft failed

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

PT-2025-52901

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel’s NTFS3 filesystem component contains a flaw where allocated memory is not initialized before use. This issue is identified through Kernel Memory Sanitizer KMSAN reports...

PT-2025-53154

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ntfs3 filesystem when the ntfs read mft function fails under specific conditions. The issue arises from inconsistencies in setting flags...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from ntfsreadea not returning an error for inconsistent extended attributes, which could lead to reuse after release...

EUVD-2022-55327

Malicious code in bioql PyPI...

DEBIAN-CVE-2022-50056

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing iop in ntfsreadmft There is null pointer dereference because iop == NULL. The bug happens because we don't initialize iop for records in $Extend...

CVE-2022-50056 fs/ntfs3: Fix missing i_op in ntfs_read_mft

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing iop in ntfsreadmft There is null pointer dereference because iop == NULL. The bug happens because we don't initialize iop for records in $Extend...

PT-2025-25982 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null pointer dereference in the Linux kernel, specifically in the ntfs read mft function within the fs/ntfs3 module. This occurs because the i op is not...

CVE-2022-49166 ntfs: add sanity check on allocation size

In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfsreadinodemount invokes ntfsmallocnofs with zero allocation size. It triggers one BUG in the ntfsmalloc function. Fix this by adding sanity check on ni-attrlistsize...

CVE-2022-49166

In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfsreadinodemount invokes ntfsmallocnofs with zero allocation size. It triggers one BUG in the ntfsmalloc function. Fix this by adding sanity check on ni-attrlistsize...

USN-6332-1 linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 William Zhao discovered that the Traffic Control T...

PT-2023-2023 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.8 Description: The issue is related to the ntfs read mft function in the fs/ntfs3/inode.c module of the Linux kernel, which lacks validation of attribute sizes. This can be exploited to impact the...

SUSE CVE-2018-12929

ntfsreadlockedinode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service kernel oops or panic via a crafted ntfs filesystem...

PT-2022-33391 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15 through v5.19.3 Description: A potential security issue has been identified in the Linux Kernel, related to the ntfs read mft function. The actual impact and attack plausibility have not yet been proven...