CVE-2025-22081
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
16/04/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
fs/ntfs3: Fix a couple integer overflows on 32bit systems<br />
<br />
On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can<br />
have an integer wrapping issue. Fix it by using size_add().
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.180 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.134 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.87 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.23 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0538f52410b619737e663167b6a2b2d0bc1a589d
- https://git.kernel.org/stable/c/0922d86a7a6032cb1694eab0b44b861bd33ba8d5
- https://git.kernel.org/stable/c/0dfe700fbd3525f30a36ffbe390a5b9319bd009a
- https://git.kernel.org/stable/c/1a14e9718a19d2e88de004a1360bfd7a86ed1395
- https://git.kernel.org/stable/c/284c9549386e9883855fb82b730303bb2edea9de
- https://git.kernel.org/stable/c/4d0f4f42922a832388a0c2fe5204c0a1037ff786
- https://git.kernel.org/stable/c/5ad414f4df2294b28836b5b7b69787659d6aa708
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html