Unrated severityNVD Advisory· Published Apr 13, 2018· Updated Dec 4, 2025

ntfs-3g: Modprobe influence vulnerability via environment variables

CVE-2017-0358

Description

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

Affected products

Ntfs 3g/Ntfs 3gv5
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/41240/mitreexploitx_refsource_EXPLOIT-DB
www.exploit-db.com/exploits/41356/mitreexploitx_refsource_EXPLOIT-DB
security.gentoo.org/glsa/201702-10mitrevendor-advisoryx_refsource_GENTOO
www.debian.org/security/2017/dsa-3780mitrevendor-advisoryx_refsource_DEBIAN
www.openwall.com/lists/oss-security/2017/02/04/1mitremailing-listx_refsource_MLIST
www.securityfocus.com/bid/95987mitrevdb-entryx_refsource_BID
marc.infomitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000