Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631 Call Trace: memmove+0x25/0x60 mm/kasan/shadow.c:54 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276 Before using the meta-data in struct INDEX_HDR, we need to check index header valid or not. Otherwise, the corruptedi (or malicious) fs image can cause out-of-bounds access which could make kernel panic.
Product status
82cae269cfa953032fbb8980a7d554d60fb00b17 (git) before c58ea97aa94f033ee64a8cb6587d84a9849b6216
82cae269cfa953032fbb8980a7d554d60fb00b17 (git) before 9163a5b4ed290da4a7d23fa92533e0e81fd0166e
82cae269cfa953032fbb8980a7d554d60fb00b17 (git) before 114204d25e1dffdd3a0c1cfbba219afd344f4b4f
82cae269cfa953032fbb8980a7d554d60fb00b17 (git) before 4a034ece7e2877673d9085d6e7ed45e6ee40b761
82cae269cfa953032fbb8980a7d554d60fb00b17 (git) before ab84eee4c7ab929996602eda7832854c35a6dda2
5.15
Any version before 5.15
5.15.111 (semver)
6.1.28 (semver)
6.2.15 (semver)
6.3.2 (semver)
6.4 (original_commit_for_fix)
References
git.kernel.org/...c/c58ea97aa94f033ee64a8cb6587d84a9849b6216
git.kernel.org/...c/9163a5b4ed290da4a7d23fa92533e0e81fd0166e
git.kernel.org/...c/114204d25e1dffdd3a0c1cfbba219afd344f4b4f
git.kernel.org/...c/4a034ece7e2877673d9085d6e7ed45e6ee40b761
git.kernel.org/...c/ab84eee4c7ab929996602eda7832854c35a6dda2
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
