Unrated severityNVD Advisory· Published Sep 7, 2021· Updated Dec 2, 2025
CVE-2021-35268
CVE-2021-35268
Description
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
Affected products
137- NTFS-3G/NTFS-3Gdescription
- osv-coords136 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfspkg:rpm/almalinux/libguestfs-appliancepkg:rpm/almalinux/libguestfs-bash-completionpkg:rpm/almalinux/libguestfs-develpkg:rpm/almalinux/libguestfs-gfs2pkg:rpm/almalinux/libguestfs-gobjectpkg:rpm/almalinux/libguestfs-gobject-develpkg:rpm/almalinux/libguestfs-inspect-iconspkg:rpm/almalinux/libguestfs-javapkg:rpm/almalinux/libguestfs-java-develpkg:rpm/almalinux/libguestfs-javadocpkg:rpm/almalinux/libguestfs-man-pages-japkg:rpm/almalinux/libguestfs-man-pages-ukpkg:rpm/almalinux/libguestfs-rescuepkg:rpm/almalinux/libguestfs-rsyncpkg:rpm/almalinux/libguestfs-toolspkg:rpm/almalinux/libguestfs-tools-cpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libguestfs-xfspkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-bash-completionpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libtpmspkg:rpm/almalinux/libtpms-develpkg:rpm/almalinux/libvirtpkg:rpm/almalinux/libvirt-clientpkg:rpm/almalinux/libvirt-daemonpkg:rpm/almalinux/libvirt-daemon-config-networkpkg:rpm/almalinux/libvirt-daemon-config-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-interfacepkg:rpm/almalinux/libvirt-daemon-driver-networkpkg:rpm/almalinux/libvirt-daemon-driver-nodedevpkg:rpm/almalinux/libvirt-daemon-driver-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-qemupkg:rpm/almalinux/libvirt-daemon-driver-secretpkg:rpm/almalinux/libvirt-daemon-driver-storagepkg:rpm/almalinux/libvirt-daemon-driver-storage-corepkg:rpm/almalinux/libvirt-daemon-driver-storage-diskpkg:rpm/almalinux/libvirt-daemon-driver-storage-glusterpkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsipkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-directpkg:rpm/almalinux/libvirt-daemon-driver-storage-logicalpkg:rpm/almalinux/libvirt-daemon-driver-storage-mpathpkg:rpm/almalinux/libvirt-daemon-driver-storage-rbdpkg:rpm/almalinux/libvirt-daemon-driver-storage-scsipkg:rpm/almalinux/libvirt-daemon-kvmpkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/libvirt-develpkg:rpm/almalinux/libvirt-docspkg:rpm/almalinux/libvirt-libspkg:rpm/almalinux/libvirt-lock-sanlockpkg:rpm/almalinux/libvirt-nsspkg:rpm/almalinux/libvirt-wiresharkpkg:rpm/almalinux/lua-guestfspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-filterpkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-nbd-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-tar-filterpkg:rpm/almalinux/nbdkit-tar-pluginpkg:rpm/almalinux/nbdkit-tmpdisk-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/ocaml-hivexpkg:rpm/almalinux/ocaml-hivex-develpkg:rpm/almalinux/ocaml-libguestfspkg:rpm/almalinux/ocaml-libguestfs-develpkg:rpm/almalinux/ocaml-libnbdpkg:rpm/almalinux/ocaml-libnbd-develpkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Guestfspkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libguestfspkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/qemu-guest-agentpkg:rpm/almalinux/qemu-imgpkg:rpm/almalinux/qemu-kvmpkg:rpm/almalinux/qemu-kvm-block-curlpkg:rpm/almalinux/qemu-kvm-block-glusterpkg:rpm/almalinux/qemu-kvm-block-iscsipkg:rpm/almalinux/qemu-kvm-block-rbdpkg:rpm/almalinux/qemu-kvm-block-sshpkg:rpm/almalinux/qemu-kvm-commonpkg:rpm/almalinux/qemu-kvm-corepkg:rpm/almalinux/qemu-kvm-docspkg:rpm/almalinux/qemu-kvm-hw-usbredirpkg:rpm/almalinux/qemu-kvm-testspkg:rpm/almalinux/qemu-kvm-ui-openglpkg:rpm/almalinux/qemu-kvm-ui-spicepkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/ruby-libguestfspkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/SLOFpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/almalinux/swtpmpkg:rpm/almalinux/swtpm-develpkg:rpm/almalinux/swtpm-libspkg:rpm/almalinux/swtpm-toolspkg:rpm/almalinux/swtpm-tools-pkcs11pkg:rpm/almalinux/virt-dibpkg:rpm/almalinux/virt-v2vpkg:rpm/almalinux/virt-v2v-bash-completionpkg:rpm/almalinux/virt-v2v-man-pages-japkg:rpm/almalinux/virt-v2v-man-pages-ukpkg:rpm/opensuse/ntfs-3g_ntfsprogs&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ntfs-3g_ntfsprogs&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/ntfs-3g_ntfsprogs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ntfs-3g_ntfsprogs&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/ntfs-3g_ntfsprogs&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2pkg:rpm/suse/ntfs-3g_ntfsprogs&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3
< 1.3.18-23.module_el8.6.0+2880+7d9e3703+ 135 more
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 8.6-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 20210217-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 2021.8.22-lp152.5.3.1
- (no CPE)range: < 2021.8.22-3.8.1
- (no CPE)range: < 2021.8.22-5.9.1
- (no CPE)range: < 2021.8.22-5.9.1
- (no CPE)range: < 2021.8.22-3.8.1
- (no CPE)range: < 2021.8.22-3.8.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/mitrevendor-advisory
- security.gentoo.org/glsa/202301-01mitrevendor-advisory
- www.debian.org/security/2021/dsa-4971mitrevendor-advisory
- www.openwall.com/lists/oss-security/2021/08/30/1mitremailing-list
- lists.debian.org/debian-lts-announce/2021/11/msg00013.htmlmitremailing-list
- ntfs-3g.commitre
- github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jpmitre
News mentions
0No linked articles in our index yet.