CVE-2025-40067
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption.
syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT, due to unexpected index state.
Reject such cases by verifying that the bitmap is not empty when index blocks exist.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b35a50d639ca5259466ef5fea85529bb4fb17d5b < 978aac54e93ea35aab20b32ae393d3d33964e7ae | affected |
| Linux | Linux | 3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc < be66551da203862c689c12e1d35ce87217c017c1 | affected |
| Linux | Linux | d99208b91933fd2a58ed9ed321af07dacd06ddc3 < 039ddf353cc33f6546a87ec1ac3210637d714bec | affected |
| Linux | Linux | d99208b91933fd2a58ed9ed321af07dacd06ddc3 < 0dc7117da8f92dd5fe077d712a756eccbe377d40 | affected |
| Linux | Linux | 358d4f821c03add421a4c49290538a705852ccf1 | affected |
| Linux | Linux | a285395020780adac1ffbc844069c3d700bf007a | affected |
| Linux | Linux | 6.6.102 < 6.6.112 | affected |
| Linux | Linux | 6.12.42 < 6.12.53 | affected |
| Linux | Linux | 6.15.10 < 6.16 | affected |
| Linux | Linux | 6.16.1 < 6.17 | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.6.112 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.53 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.3 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/978aac54e93ea35aab20b32ae393d3d33964e7ae
- https://git.kernel.org/stable/c/be66551da203862c689c12e1d35ce87217c017c1
- https://git.kernel.org/stable/c/039ddf353cc33f6546a87ec1ac3210637d714bec
- https://git.kernel.org/stable/c/0dc7117da8f92dd5fe077d712a756eccbe377d40
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.