VDB
CISA-2025-22080
CISA-2025-22080
PUBLISHED
CVSS 5.5 MEDIUM
Reported by Linux · Published April 16, 2025
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does work as intended because of an integer overflow.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 60ce8dfde03558bfc290cd915c60fa243ba2ae84, 60ce8dfde03558bfc290cd915c60fa243ba2ae84, 60ce8dfde03558bfc290cd915c60fa243ba2ae84 |
| Linux | Linux | 6.2, 0, 6.6.87 |
| linux | linux_kernel | 6.2, 6.2, 6.2 |
| Linux | Linux | 60ce8dfde03558bfc290cd915c60fa243ba2ae84, 60ce8dfde03558bfc290cd915c60fa243ba2ae84, 60ce8dfde03558bfc290cd915c60fa243ba2ae84 |
Timeline
- Apr 16, 2025 CVE Published
- Oct 1, 2025 CVE Updated