Linux Kernel NTFS3 Attribute Size Check Vulnerability Leading to Out-of-Bounds Access

Vulnerability

A vulnerability in the Linux kernel's NTFS3 file system handling has been addressed. The issue involved inadequate checks on attribute sizes, which could lead to buffer overflows and out-of-bounds memory access. This vulnerability was identified during the enumeration of attributes, where the size checks did not properly account for all potential overflow scenarios. The problem was detected in a Linux kernel version 6.0.0-rc7+ environment, running on a QEMU virtual machine.
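The kind of overflow-safe size check the description above refers to, as an added user-space illustration; it is not the kernel's ntfs3 code or the actual patch. The function names are hypothetical, the header layout is a simplified form of the NTFS attribute header, and `naive_fits` is included only to show how a 32-bit sum of offset and size can wrap past the bounds test.

```c
#include <stdint.h>

#define ATTR_END 0xFFFFFFFFu  /* NTFS end-of-attributes marker */
#define HDR_MIN  16u          /* fixed part of an attribute header */

/* Read a little-endian u32 without assuming alignment. */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Overflow-prone form, for contrast: off + asize can wrap in 32 bits. */
int naive_fits(uint32_t off, uint32_t asize, uint32_t used)
{
    return off + asize <= used;
}

/* Safe form: compare against the bytes that remain, so nothing can wrap. */
int safe_fits(uint32_t off, uint32_t asize, uint32_t used)
{
    return off <= used && asize >= HDR_MIN && !(asize & 7) && asize <= used - off;
}

/* Walk attribute headers in rec[first..used). Returns the number of
 * attributes before the end marker, or -1 as soon as a header fails a check. */
int walk_attrs(const uint8_t *rec, uint32_t used, uint32_t first)
{
    uint32_t off = first;
    int n = 0;
    for (;;) {
        if (off > used || used - off < 4)
            return -1;                      /* no room for the type field */
        if (rd32(rec + off) == ATTR_END)
            return n;
        if (used - off < HDR_MIN)
            return -1;                      /* header itself is truncated */
        uint32_t asize = rd32(rec + off + 4);
        if (!safe_fits(off, asize, used))
            return -1;
        uint32_t name_len = rec[off + 9];   /* name length in UTF-16 units */
        uint32_t name_off = rec[off + 10] | (uint32_t)rec[off + 11] << 8;
        if (name_len && name_off + 2 * name_len > asize)
            return -1;                      /* name runs past the attribute */
        off += asize;
        n++;
    }
}
```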

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds memory access, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by mounting an NTFS file system with attributes that trigger the insufficient size checks, specifically in a Linux kernel version 6.0.0-rc7+ environment.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.

Added: Oct 1, 2025, 2:13 PM
Updated: Oct 1, 2025, 2:13 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.