CVE-2025-40068

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel's NTFS3 subsystem related to integer overflow in the run unpack() function. The run unpack() function decodes compressed runlist data from MFT attributes, converting it into a runs tree structure. Insufficient validation of runlist array values before processing can lead to arbitrary data access or destruction on the disk, potentially bypassing access checks. The issue involves substituting the runlist in the $DATA attribute of the MFT record for an arbitrary file. An overflow check has been added to address the addition operation. This was discovered by the Linux Verification Center (linuxtesting.org) with SVACE.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

AZL-68933

BDU:2025-16393

CVE-2025-40068

DLA-4379-1

DSA-6053-1

ECHO-7957-8E59-4472

MGASA-2025-0309

MGASA-2025-0310

OPENSUSE-SU-2025:15702-1

OPENSUSE-SU-2026:10301-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8033-1

USN-8033-2

USN-8033-3

USN-8033-4

USN-8033-5

USN-8033-6

USN-8033-7

USN-8033-8

USN-8034-1

USN-8034-2

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8165-1

USN-8243-1

USN-8261-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40068

Weakness Enumeration

Related Identifiers

Affected Products

References · 1926