Linux Kernel NTFS3 BOOT Sector Validation Vulnerability Allowing Shift-Out-Of-Bounds Errors

Vulnerability

A vulnerability in the Linux kernel's NTFS3 file system handling has been addressed. The issue arose in the validation of the BOOT sectors' 'sectors_per_cluster' field. When this field exceeded a certain value, it could lead to negative shift values or values larger than the field size, causing a shift-out-of-bounds error. The vulnerability has been resolved by ensuring that the shift value does not exceed a specified limit before it is used, with invalid values now returning an error. This fix prevents potential undefined behavior by addressing the root cause of the shift-out-of-bounds error.

Impact

Exploitation of this vulnerability could lead to a shift-out-of-bounds error, causing undefined behavior in the kernel.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NTFS3 BOOT Sector Validation Vulnerability Allowing Shift-Out-Of-Bounds Errors

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating