7.8

CVE-2026-46062

ntfs3: fix integer overflow in run_unpack() volume boundary check

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix integer overflow in run_unpack() volume boundary check

The volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw
addition which can wrap around for large lcn and len values, bypassing
the validation.  Use check_add_overflow() as is already done for the
adjacent prev_lcn + dlcn and vcn64 + len checks added by commit
3ac37e100385 ("ntfs3: Fix integer overflow in run_unpack()").

Found by fuzzing with a source-patched harness (LibAFL + QEMU).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.86
LinuxLinux Kernel Version >= 6.13 < 6.18.27
LinuxLinux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.038
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/a954061b334ec67c79ae9d0cadd83fa521396487
Patch
https://git.kernel.org/stable/c/60dab3e2931f3d792438a77a6cb0cb731c43300b
Patch
https://git.kernel.org/stable/c/f1af27cec07a9fd0847166bdb23c99e86b05bfdc
Patch
https://git.kernel.org/stable/c/6175d09c23bec4b60860ee9a0170308ff4b56e10
Patch
https://git.kernel.org/stable/c/984a415f019536ea2d24de9010744e5302a9a948
Patch
https://git.kernel.org/stable/c/424858f9a048057bb8f834bfe03d18f5e477e747
Patch
https://git.kernel.org/stable/c/e73cd5aed6b15e55c1c47577bdb473b5e88d6a69
Patch