-

CVE-2026-53027

fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()

When a compressed or sparse attribute has its clusters frame-aligned,
vcn is rounded down to the frame start using cmask, which can result
in vcn != vcn0. In this case, vcn and vcn0 may reside in different
attribute segments.

The code already handles the case where vcn is in a different segment
by loading its runs before allocation. However, it fails to load runs
for vcn0 when vcn0 resides in a different segment than vcn. This causes
run_lookup_entry() to return SPARSE_LCN for vcn0 since its segment was
never loaded into the in-memory run list, triggering the WARN_ON(1).

Fix this by adding a missing check for vcn0 after the existing vcn
segment check. If vcn0 falls outside the current segment range
[svcn, evcn1), find and load the attribute segment containing vcn0
before performing the run lookup.

The following scenario triggers the bug:
  attr_data_get_block_locked()
    vcn = vcn0 & cmask        <- vcn != vcn0 after frame alignment
    load runs for vcn segment <- vcn0 segment not loaded!
    attr_allocate_clusters()  <- allocation succeeds
    run_lookup_entry(vcn0)    <- vcn0 not in run -> SPARSE_LCN
    WARN_ON(1)                <- bug fires here!
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
Version < 2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54
Status affected
Version c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
Version < d7ea8495fd307b58f8867acd81a1b40075b1d3ba
Status affected
Version 406a037d93b769bca248476bd14bbe548dc1ec35
Status affected
Version 6.1.132
Version < 6.2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.2
Status affected
Version 0
Version < 6.2
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54
https://git.kernel.org/stable/c/d7ea8495fd307b58f8867acd81a1b40075b1d3ba