CVE-2025-22080

Опубликовано: 16 апр. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does work as intended because of an integer overflow.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=2360304kernel: fs/ntfs3: Prevent integer overflow in hdr_first_de()

EPSS

Процентиль: 2%

0.00015

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-22080

CVSS3: 5.5

ubuntu

7 месяцев назад

CVE-2025-22080

CVSS3: 5.5

nvd

7 месяцев назад

CVE-2025-22080

CVSS3: 5.5

msrc

4 месяца назад

Описание отсутствует

CVE-2025-22080

CVSS3: 5.5

debian

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: f ...

GHSA-qx79-q87h-mhp6

CVSS3: 5.5

github

7 месяцев назад

EPSS

Процентиль: 2%

0.00015

Низкий

5.5 Medium

CVSS3