Linux Kernel NTFS Attribute Record Iteration Integer Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NTFS file system handling has been identified, specifically during the iteration over attribute records in the Master File Table (MFT). The issue arises in the function 'ntfs_attr_find()', where the kernel calculates the end address of the current attribute record based on its length. This calculation can lead to an integer overflow, causing the iteration to become infinite on 32-bit systems. The vulnerability has been addressed by implementing additional checks to prevent the overflow during the iteration process.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the system to enter an infinite loop during the attribute record iteration.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NTFS Attribute Record Iteration Integer Overflow Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating