CVE-2025-40067

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist

Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption.

syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT, due to unexpected index state.

Reject such cases by verifying that the bitmap is not empty when index blocks exist.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb35a50d639ca5259466ef5fea85529bb4fb17d5b < 978aac54e93ea35aab20b32ae393d3d33964e7aeaffected
LinuxLinux3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc < be66551da203862c689c12e1d35ce87217c017c1affected
LinuxLinuxd99208b91933fd2a58ed9ed321af07dacd06ddc3 < 039ddf353cc33f6546a87ec1ac3210637d714becaffected
LinuxLinuxd99208b91933fd2a58ed9ed321af07dacd06ddc3 < 0dc7117da8f92dd5fe077d712a756eccbe377d40affected
LinuxLinux358d4f821c03add421a4c49290538a705852ccf1affected
LinuxLinuxa285395020780adac1ffbc844069c3d700bf007aaffected
LinuxLinux6.6.102 < 6.6.112affected
LinuxLinux6.12.42 < 6.12.53affected
LinuxLinux6.15.10 < 6.16affected
LinuxLinux6.16.1 < 6.17affected
LinuxLinux6.17affected
LinuxLinux0 < 6.17unaffected
LinuxLinux6.6.112 <= 6.6.*unaffected
LinuxLinux6.12.53 <= 6.12.*unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References