SB20250422136 - Integer overflow in Linux kernel ntfs3
Published: April 22, 2025 Updated: May 10, 2025
Security Bulletin ID: SB20250422136
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2025-22080)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow in fs/ntfs3/ntfs.h. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/201a2bdda13b619c4927700ffe47d387a30ced50
- https://git.kernel.org/stable/c/6bb81b94f7a9cba6bde9a905cef52a65317a8b04
- https://git.kernel.org/stable/c/85615aa442830027923fc690390fa74d17b36ae1
- https://git.kernel.org/stable/c/b9982065b82b4177ba3a7a72ce18c84921f7494d
- https://git.kernel.org/stable/c/f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.87