Linux Kernel NTFS Allocation Size Vulnerability Leading to Memory Management Bug

Vulnerability

A vulnerability in the Linux kernel's NTFS file system handling has been addressed. The issue arose because the 'ntfs_read_inode_mount' function called 'ntfs_malloc_nofs' with a zero allocation size, which triggered a bug in the memory management function '__ntfs_malloc'. This vulnerability has been fixed by adding a sanity check on the attribute list size to prevent zero allocations.

Impact

Exploitation of this vulnerability caused a bug in the memory management of the NTFS file system, which could lead to improper handling of memory allocations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NTFS Allocation Size Vulnerability Leading to Memory Management Bug

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating