Linux Kernel NTFS3 Filesystem Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's NTFS3 filesystem implementation. The issue arises in the 'ntfs_lookup()' function: when the Master File Table (MFT) record backing an NTFS inode is not a base record, the inode's 'inode->i_op' pointer is left NULL. The vulnerability was reported by Syzbot and leads to a general protection fault, most likely because the NULL pointer plus an offset forms a non-canonical address.

Impact

Triggering this vulnerability causes a null pointer dereference in kernel context, leading to a general protection fault.

Reproduction

The vulnerability can be reproduced by mounting an NTFS volume whose sector size is 1024 bytes while the media sector size is 512 bytes. This discrepancy causes the NTFS3 filesystem to mark the volume as dirty due to errors. When 'ntfs_lookup()' is then called, the inode it obtains can have a NULL 'inode->i_op', and the null pointer dereference occurs when that inode is handed to 'd_splice_alias()'.
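The following is an added, simplified userspace model of the lookup path described above, not the kernel's own code. The struct definitions, the 'ntfs_iget_model()' and 'd_splice_alias_model()' helpers and the '-EINVAL' return for a half-initialised inode are assumptions made for the illustration; the point is the guard that rejects an inode with a NULL 'i_op' before it reaches the dcache.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Minimal stand-ins for the kernel structures involved (constructed for this
 * model, not the kernel's definitions). */
struct inode_operations { int (*getattr)(void); };
struct inode { const struct inode_operations *i_op; };

static const struct inode_operations ntfs_file_inode_operations = { NULL };

/* Model of inode construction: i_op is assigned only when the MFT record is a
 * base record. For a non-base record the inode comes back with i_op == NULL,
 * which is the state the advisory describes. (Constructed behaviour.) */
static struct inode *ntfs_iget_model(struct inode *slot, bool base_record)
{
	slot->i_op = base_record ? &ntfs_file_inode_operations : NULL;
	return slot;
}

/* Model of d_splice_alias(): it follows inode->i_op unconditionally, so a NULL
 * i_op is a kernel NULL-pointer dereference at this point. Returns 0 on success. */
static int d_splice_alias_model(struct inode *inode)
{
	return inode->i_op->getattr ? inode->i_op->getattr() : 0;
}

/* Unguarded flow: hands whatever iget produced straight to d_splice_alias().
 * Modelled as a predicate so it runs without faulting: true means the NULL
 * i_op would be dereferenced. */
static bool lookup_unguarded_would_fault(bool base_record)
{
	struct inode ino;
	struct inode *inode = ntfs_iget_model(&ino, base_record);
	return inode != NULL && inode->i_op == NULL;
}

/* Guarded flow: refuse a half-initialised inode before it reaches the dcache,
 * so the caller receives an error instead of a general protection fault. */
static int lookup_guarded(bool base_record)
{
	struct inode ino;
	struct inode *inode = ntfs_iget_model(&ino, base_record);
	if (inode == NULL)
		return -ENOENT;
	if (inode->i_op == NULL)
		return -EINVAL; /* assumed error code for the model */
	return d_splice_alias_model(inode);
}
```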

Remediation

Users should upgrade to a Linux kernel release that includes the fix for this vulnerability.

Added: Sep 16, 2025, 4:57 PM
Updated: Sep 16, 2025, 4:57 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  4.3
  remediation     7.7
  relevance       0.5
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.