Index Allocation Vulnerability in Linux Kernel Affecting NTFS File System
CVE-2025-40067
What is CVE-2025-40067?
The Linux Kernel contains a vulnerability within the NTFS file system that impacts index allocation when the $BITMAP attribute is empty, despite the presence of existing index blocks. This flaw, which can lead to on-disk corruption, allows for improper index entry tracking during operations such as renaming files with long names. Specifically, an empty bitmap fails to validate the conditions required for safely managing index states, resulting in potential data integrity issues. The vulnerability was identified during testing with a malformed NTFS image, highlighting the necessity for rigorous verification of bitmap conditions during index allocation to prevent unexpected behavior and data loss.
Affected Version(s)
Linux b35a50d639ca5259466ef5fea85529bb4fb17d5b < 978aac54e93ea35aab20b32ae393d3d33964e7ae
Linux 3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc
Linux d99208b91933fd2a58ed9ed321af07dacd06ddc3 < 039ddf353cc33f6546a87ec1ac3210637d714bec