CVE-2025-40068: Linux vulnerability

55 documents, 7 sources

Severity: 7.8 HIGH OSV, OSV 5.5, OSV 3.2 (no vector)
EPSS: 0.1% (top 82.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 28, latest update Apr 13

Description

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: Fix integer overflow in run_unpack()

The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths showed that the values of the runlist array, from which LCNs are calculated, are not validated before run_unpack function. The run_unpack function decodes the compressed runlist data format from MF

Affected Packages (7 packages)

Linux       linux/linux_kernel   5.15.0   5.15.195   (+4)
Debian      linux/linux_kernel   < 6.1.158-1   (+2)
Ubuntu      linux/linux_kernel   < 5.15.0-170.180   (+2)
CVEListV5   linux/linux          4342306f0f0d5ff4315a204d315c1b51b914fca5   f6b36cfd25cbadad63447c673743cf771090e756   (+6)

🔴 Vulnerability Details (27)

OSV: linux-raspi vulnerabilities (2026-04-01)
OSV: linux-raspi, linux-raspi-realtime vulnerabilities (2026-04-01)
OSV: linux-azure-6.8 vulnerabilities (2026-03-25)
OSV: linux-azure vulnerabilities (2026-03-25)
OSV: linux-aws-6.8 vulnerabilities (2026-03-23)

📋 Vendor Advisories (27)

Ubuntu: Linux kernel (Azure) vulnerabilities (2026-04-13)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)