Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT, due to unexpected index state. Reject such cases by verifying that the bitmap is not empty when index blocks exist.

INFO

Published Date :

2025-10-28T11:48:37.034Z

Last Modified :

2025-12-01T06:17:18.363Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40067 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40067.

URL Resource
https://git.kernel.org/stable/c/039ddf353cc33f6546a87ec1ac3210637d714bec cve-icon cve-icon
https://git.kernel.org/stable/c/0dc7117da8f92dd5fe077d712a756eccbe377d40 cve-icon cve-icon
https://git.kernel.org/stable/c/978aac54e93ea35aab20b32ae393d3d33964e7ae cve-icon cve-icon
https://git.kernel.org/stable/c/be66551da203862c689c12e1d35ce87217c017c1 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40067-fb1b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40067 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40067 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact