CVE-2025-40067 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT, due to unexpected index state. Reject such cases by verifying that the bitmap is not empty when index blocks exist.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-28 | Updated 2025-10-28 | Assigner Linux

Product status

Default status

unaffected

b35a50d639ca5259466ef5fea85529bb4fb17d5b (git) before 978aac54e93ea35aab20b32ae393d3d33964e7ae

affected

3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc (git) before be66551da203862c689c12e1d35ce87217c017c1

affected

d99208b91933fd2a58ed9ed321af07dacd06ddc3 (git) before 039ddf353cc33f6546a87ec1ac3210637d714bec

affected

d99208b91933fd2a58ed9ed321af07dacd06ddc3 (git) before 0dc7117da8f92dd5fe077d712a756eccbe377d40

affected

358d4f821c03add421a4c49290538a705852ccf1 (git)

affected

a285395020780adac1ffbc844069c3d700bf007a (git)

affected

Default status

affected

6.17

affected

Any version before 6.17

unaffected

6.6.112 (semver)

unaffected

6.12.53 (semver)

unaffected

6.17.3 (semver)

unaffected

6.18-rc1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/978aac54e93ea35aab20b32ae393d3d33964e7ae

git.kernel.org/...c/be66551da203862c689c12e1d35ce87217c017c1

git.kernel.org/...c/039ddf353cc33f6546a87ec1ac3210637d714bec

git.kernel.org/...c/0dc7117da8f92dd5fe077d712a756eccbe377d40

cve.org (CVE-2025-40067)

nvd.nist.gov (CVE-2025-40067)

Download JSON

help @ threatint.eu