Linux Distros Unpatched Vulnerability : CVE-2026-45864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range valid : pos, if valid cannot be retrieved...

CVE-2025-71309

A flaw was found in the Linux kernel's ntfs3 filesystem driver. An issue with incorrect lock ordering between the inode mutex and page locks during compressed frame reading can lead to a deadlock. This vulnerability allows a local attacker to cause a system to hang, resulting in a Denial of Servi...

CVE-2025-71312

A flaw was found in the Linux kernel's NTFS3 file system driver. A local user could exploit this vulnerability by mounting a specially crafted file. This issue leads to a memory leak, a type of resource management error, which can cause system instability or a denial of service DoS by exhausting...

CVE-2026-45864

A flaw was found in the Linux kernel's NTFS3 file system driver. This vulnerability allows a local attacker to trigger an infinite loop when the system attempts to process specific file system data. Successful exploitation can lead to a system hang, resulting in a Denial of Service DoS...

CVE-2026-45935

A flaw was found in the Linux kernel's NTFS3 filesystem driver. Insufficient bounds checking when processing log records in the DeleteIndexEntryRoot function allows a local attacker to provide a maliciously large entry size. This can lead to a heap buffer overflow, a type of memory corruption,...

CVE-2026-46062

A flaw was found in the Linux kernel's ntfs3 filesystem driver. An integer overflow vulnerability exists in the rununpack function's volume boundary check. This flaw occurs because the check uses raw addition, which can wrap around for large values, potentially bypassing validation. This could le...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: This issue prevents UBSAN errors occurring in truesectorsperclst. The syzbot reported the following UBSAN error: 76.901829 T6677 ================================================================================ 76.903908...

CVE-2026-31716

A flaw was found in the Linux kernel's NTFS3 file system driver. A local attacker with control over a corrupted filesystem could exploit an out-of-bounds write vulnerability during journal replay. This flaw occurs because the rec-used value is not properly validated, leading to incorrect memory...

SUSE CVE-2023-54077

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

EUVD-2022-52116

Malicious code in bioql PyPI...

UBUNTU-CVE-2022-50056

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing iop in ntfsreadmft There is null pointer dereference because iop == NULL. The bug happens because we don't initialize iop for records in $Extend...

CVE-2024-50245

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in miread Mutex lock with another subclass used in nilockdir...

DEBIAN-CVE-2024-38625

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6235-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6235-1 advisory. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker...

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6134-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6134-1 advisory. It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some...

Ubuntu 22.10 : Linux kernel vulnerabilities (USN-6091-1)

The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6091-1 advisory. It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A...

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6057-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6057-1 advisory. It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker...

DEBIAN-CVE-2022-48423

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2023-013 (ALASKERNEL-5.15-2023-013)

The version of kernel installed on the remote host is prior to 5.15.90-54.138. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2023-013 advisory. In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows a...

OESA-2023-1038 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in the Linux kernel?s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a...