
CVE-2025-40067

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist

Index allocation requires at least one bit in the $BITMAP attribute to
track usage of index entries. If the bitmap is empty while index blocks
are already present, this reflects on-disk corruption.

syzbot triggered this condition using a malformed NTFS image. During a
rename() operation involving a long filename (which spans multiple
index entries), the empty bitmap allowed the name to be added without
valid tracking. Subsequent deletion of the original entry failed with
-ENOENT, due to unexpected index state.

Reject such cases by verifying that the bitmap is not empty when index
blocks exist.
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Linux
Product Linux
Default Status unaffected
Version < 978aac54e93ea35aab20b32ae393d3d33964e7ae
Version b35a50d639ca5259466ef5fea85529bb4fb17d5b
Status affected
Version < be66551da203862c689c12e1d35ce87217c017c1
Version 3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc
Status affected
Version < 039ddf353cc33f6546a87ec1ac3210637d714bec
Version d99208b91933fd2a58ed9ed321af07dacd06ddc3
Status affected
Version < 0dc7117da8f92dd5fe077d712a756eccbe377d40
Version d99208b91933fd2a58ed9ed321af07dacd06ddc3
Status affected
Version 358d4f821c03add421a4c49290538a705852ccf1
Status affected
Version a285395020780adac1ffbc844069c3d700bf007a
Status affected
Vendor Linux
Product Linux
Default Status affected
Version 6.17
Status affected
Version < 6.17
Version 0
Status unaffected
Version <= 6.6.*
Version 6.6.112
Status unaffected
Version <= 6.12.*
Version 6.12.53
Status unaffected
Version <= 6.17.*
Version 6.17.3
Status unaffected
Version <= *
Version 6.18
Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.059
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String