1024 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry...
CVE-2026-53029
A flaw was found in the Linux kernel's ntfs3 filesystem driver. This vulnerability occurs due to an uninitialized local variable lcn when handling zero-length data during I/O operations. An attacker could potentially exploit this flaw to cause a denial of service or information disclosure due to...
CVE-2026-53027
A flaw was found in the Linux kernel's fs/ntfs3 component. When handling compressed or sparse attributes with frame-aligned clusters, a missing run load for vcn0 can occur if vcn0 resides in a different attribute segment. This oversight can lead to a kernel warning WARNON1 during a run lookup,...
Linux Distros Unpatched Vulnerability : CVE-2026-53027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to t...
EUVD-2026-38897
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...
EUVD-2026-38895
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this...
CVE-2026-53029
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...
CVE-2026-53027
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this...
CVE-2026-53029
CVE-2026-53029: In the Linux kernel’s ntfs3 codepath, an uninitialized LCN could be triggered due to a zero-length path in ntfs_iomap_begin. The bug arises because run_lookup_entry() can fail and leave *len and the new value/err at 0, causing attr_data_get_block_locked() to take an ok path before...
CVE-2026-53029 fs/ntfs3: prevent uninitialized lcn caused by zero len
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...
CVE-2026-53027
The CVE concerns the Linux kernel ntfs3 code path in attr_data_get_block_locked, where a compressed or sparse attribute with frame-aligned clusters can cause vcn to be misaligned (vcn != vcn0). If vcn0 resides in a different attribute segment than vcn, the in-memory run list may not have loaded t...
CVE-2026-53027 fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this...
CVE-2026-53023
CVE-2026-53023 affects Linux kernel ntfs3: ntfs_fill_super() converts the on-disk volume label from UTF-16 to UTF-8 and stores it in sbi->volume.label, but utf16s_to_utf8s() does not append a NUL terminator. If the converted label fills the fixed buffer, ntfs3_label_show() could read past the ...
CVE-2026-53023 fs/ntfs3: terminate the cached volume label after UTF-8 conversion
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfsfillsuper loads the on-disk volume label with utf16stoutf8s and stores the result in sbi-volume.label. The converted label is later exposed through...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A slab-out-of-bounds read issue in DeleteIndexEntryRoot has been fixed. In the DeleteIndexEntryRoot function of the doaction function, the entry size esize is retrieved from the log record without proper bounds checking...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fixed an infinite loop triggered by a zero-sized ATTRLIST. We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS attack. A malformed NTFS image can cause an infinite loop when the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check the return value of indxfind to avoid infinite loops We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fixed an infinite loop in attrloadrunsrange when there are inconsistencies in metadata. We have identified a bug in the ntfs3 file system where a malformed NTFS image can cause an infinite loop. This occurs when an...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Treating $Extend records as regular files. Since the commit af153bb63a33 "vfs: catching invalid modes in mayopen" requires that any inode be of one of the types SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/SIFIFO/SIFSOCK, use SIFREG...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Allocate memory before using it. KMSAN reports: Multiple uninitialized values were detected: - KMSAN: uninit-value in ntfsreadhdr 3 - KMSAN: uninit-value in bcmp 3 Memory is allocated by getname, which is a wrapper f...