CVE-2025-22081

MEDIUM

Linux Kernel 5.15-6.14.2 - NTFS3 Integer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. Fix it by using size_add().

References (8)

Core 8

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/0922d86a7a6032cb1694eab0b44b861bd33ba8d5

Patch

https://git.kernel.org/stable/c/1a14e9718a19d2e88de004a1360bfd7a86ed1395

Patch

https://git.kernel.org/stable/c/0dfe700fbd3525f30a36ffbe390a5b9319bd009a

Patch

https://git.kernel.org/stable/c/284c9549386e9883855fb82b730303bb2edea9de

Patch

https://git.kernel.org/stable/c/0538f52410b619737e663167b6a2b2d0bc1a589d

Patch

https://git.kernel.org/stable/c/4d0f4f42922a832388a0c2fe5204c0a1037ff786

Patch

https://git.kernel.org/stable/c/5ad414f4df2294b28836b5b7b69787659d6aa708

Scores

CVSS v3 5.5

EPSS 0.0017

EPSS Percentile 6.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (23)

linux/Kernel 5.15.0 - 5.15.180linux

linux/Kernel 5.16.0 - 6.1.134linux

linux/Kernel 6.13.0 - 6.13.11linux

linux/Kernel 6.14.0 - 6.14.2linux

linux/Kernel 6.2.0 - 6.6.87linux

linux/Kernel 6.7.0 - 6.12.23linux

Linux/Linux < 5.15

Linux/Linux 5.15

Linux/Linux 5.15.180 - 5.15.*

Linux/Linux 6.1.134 - 6.1.*

... and 13 more

Published Apr 16, 2025

Tracked Since Feb 18, 2026