CVE-2025-22080

April 16, 2025, 3:16 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does work as intended because of an integer overflow.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • Ntfs3
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /
a linux ntfs3 / / / / / / / /

References

https://git.kernel.org/stable/c/201a2bdda13b619c4927700ffe47d387a30ced50
https://git.kernel.org/stable/c/6bb81b94f7a9cba6bde9a905cef52a65317a8b04
https://git.kernel.org/stable/c/85615aa442830027923fc690390fa74d17b36ae1
https://git.kernel.org/stable/c/b9982065b82b4177ba3a7a72ce18c84921f7494d
https://git.kernel.org/stable/c/f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-04-16
CVE-2025-22080

Timeline

Published: April 16, 2025, 3:16 p.m.
Last Modified: April 16, 2025, 3:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.