ntfs3: add buffer boundary checks to run_unpack()

...

ntfs3: fix integer overflow in run_unpack() volume boundary check

...

UBUNTU-CVE-2026-46072

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

CVE-2026-46072

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

CVE-2026-46062

ntfs3: fix integer overflow in rununpack volume boundary check...

PT-2026-43939

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The run unpack function in the ntfs3 driver fails to verify if the size size and offset size bytes read via run unpack s64 fit within the remaining buffer, despite checking run buf run...

PT-2026-43929

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the run unpack function within the ntfs3 driver. The volume boundary check lcn + len sbi-used.bitmap.nbits utilizes raw addition, which can wrap around when...

CVE-2025-71265

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite lo...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: A integer overflow has been fixed in the rununpack function. The MFT record related to the opened file contains a runlist—an array containing information about the file’s location on the physical disk. Analysis of all...

fs: ntfs3: Fix integer overflow in run_unpack()

...

SUSE CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

UBUNTU-CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

EUVD-2025-36460

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

CVE-2025-40068

The CVE-2025-40068 entry is supported by multiple connected advisories confirming a concrete Linux kernel issue in the ntfs3 subsystem. The vulnerability stems from an overflow in the run_unpack() path that decodes the MFT runlist (used to map virtual clusters to logical clusters). Because values...

CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

PT-2025-44136

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel's NTFS3 subsystem related to integer overflow in the run unpack function. The run unpack function decodes compressed runlist data from MFT attributes,...

UBUNTU-CVE-2023-26544

In the Linux kernel 6.0.8, there is a use-after-free in rununpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size...