CVE-2025-40067
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT, due to unexpected index state. Reject such cases by verifying that the bitmap is not empty when index blocks exist.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40067
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's NTFS3 filesystem driver. It happens when the $BITMAP attribute, which tracks usage of index entries, is empty while index blocks already exist on disk. This situation indicates on-disk corruption. Specifically, during a rename operation involving a long filename that spans multiple index entries, the empty bitmap allowed the new name to be added without proper tracking. Later, deleting the original entry failed due to an unexpected index state. The fix involves rejecting cases where the bitmap is empty but index blocks exist.

Impact Analysis

This vulnerability can lead to filesystem corruption or inconsistent index states in the NTFS3 filesystem on Linux. It may cause operations like renaming or deleting files with long filenames to fail unexpectedly, potentially leading to data integrity issues or loss of access to files.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for this vulnerability, which rejects index allocation if the $BITMAP is empty but blocks exist. This prevents on-disk corruption related to NTFS index handling. Avoid using malformed NTFS images that could trigger this condition until the patch is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40067. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart