Astra Linux – Vulnerability in ntfs-3g

An invalid return code in fusekernmount allows for intercepting the libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A 64-bit variable is used to avoid 32-bit overflow. For example, in the expression: vbo = 2 vbo + skip...

Linux Distros Unpatched Vulnerability : CVE-2025-71311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longestmatchstd, invoked from ntfscompresswrite. When new folios are allocate...

CVE-2026-45935 fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'doaction' function, the entry size 'esize' is retrieved from the log record without adequate bounds checking. Specifically,...

Astra Linux - уязвимость в linux-5.15

A flaw in the NULL Pointer Dereference mechanism within the Linux kernel’s NTFS3 driver function attrpunchhole was identified. A local user could exploit this flaw to crash the system...

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain starting from ntfsattrpwrite, causing stack consumption in NTFS-3G 2021.8.22...

ALPINE-CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

USN-8192-1 ntfs-3g vulnerabilities

Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in a denial of service, or to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2023-52890 Andrea...

[SECURITY] [DSA 6221-1] ntfs-3g security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6221-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 21, 2026 https://www.debian.org/security/faq -...

USN-8180-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1543)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1543 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path CVE-2024-14027 In the Linux kernel, the following vulnerability has been...

ROS-20260403-73-0039

A vulnerability in the fs/ntfs3/dir.c component of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an attacker to cause a denial of service...

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

...

SUSE CVE-2025-71265

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite lo...

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:5264)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5264 advisory. QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service CVE-2023-3354 NTFS-3G: buffer overflow issue ...

MiracleLinux 8 : virt:rhel (AXSA:2022-3568:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3568:01 advisory. QEMU: virtio-net: heap use-after-free in virtionetreceivercu CVE-2021-3748 ntfs-3g: Out-of-bounds heap buffer access in ntfsgetattributevalue due to...

MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2023-6011:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6011:01 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-31...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: A integer overflow has been fixed in the rununpack function. The MFT record related to the opened file contains a runlist—an array containing information about the file’s location on the physical disk. Analysis of all...

CVE-2022-50841

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

CVE-2022-50869 fs/ntfs3: Fix slab-out-of-bounds in r_page

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in rpage When PAGESIZE is 64K, if readlogpage is called by logreadrst for the first time, the size of buffer would be equal to DefaultLogPageSize4K.But for buffer operations like memcpy, if the...