CVE-2026-46062

Severity: High · CVSS 3.1 base score 7.8 · EPSS 3.9%
Published May 27, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix integer overflow in run_unpack() volume boundary check

The volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use check_add_overflow() as is already done for the adjacent prev_lcn + dlcn and vcn64 + len checks added by commit 3ac37e100385 ("ntfs3: Fix integer overflow in run_unpack()").

Found by fuzzing with a source-patched harness (LibAFL + QEMU).

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
3.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 6

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.15 – <5.15.209
linux   linux_kernel  *        ≥5.16 – <6.1.175
linux   linux_kernel  *        ≥6.2 – <6.6.140
linux   linux_kernel  *        ≥6.7 – <6.12.86
linux   linux_kernel  *        ≥6.13 – <6.18.27
linux   linux_kernel  *        ≥6.19 – <7.0.4

References 7

  • git.kernel.org https://git.kernel.org/stable/c/424858f9a048057bb8f834bfe03d18f5e477e747
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/60dab3e2931f3d792438a77a6cb0cb731c43300b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6175d09c23bec4b60860ee9a0170308ff4b56e10
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/984a415f019536ea2d24de9010744e5302a9a948
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a954061b334ec67c79ae9d0cadd83fa521396487
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e73cd5aed6b15e55c1c47577bdb473b5e88d6a69
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f1af27cec07a9fd0847166bdb23c99e86b05bfdc
    Patch

Remediation

Patch available: apply the git.kernel.org stable commits listed under References.