CVE-2025-40067
Description
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption.
syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT, due to unexpected index state.
Reject such cases by verifying that the bitmap is not empty when index blocks exist.
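The consistency rule described above, as an added user-space C model (not the ntfs3 patch or any kernel code): it rejects an index whose $BITMAP is empty while index blocks exist. It goes beyond that single case with two related checks that are assumptions here (one tracking bit per index block, no set bit past the last block); every function, enum and sample name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this model (not ntfs3 identifiers). */
enum idx_status { IDX_OK, IDX_BAD_SIZE, IDX_EMPTY_BITMAP, IDX_SHORT_BITMAP, IDX_STRAY_BIT };

/* Constructed sample bitmaps; bit i lives in byte i/8, bit position i%8. */
static const uint8_t SAMPLE_ONE_USED[1] = { 0x01 };  /* block 0 in use */
static const uint8_t SAMPLE_STRAY[1]    = { 0x05 };  /* blocks 0 and 2 marked */
static const uint8_t SAMPLE_FULL[1]     = { 0xff };  /* blocks 0..7 in use */

/*
 * bitmap/bitmap_bytes: contents and size of the index $BITMAP.
 * alloc_bytes: size of the index allocation; block_bytes: index block size.
 */
enum idx_status index_bitmap_check(const uint8_t *bitmap, size_t bitmap_bytes,
                                   uint64_t alloc_bytes, uint32_t block_bytes)
{
    if (block_bytes == 0 || (bitmap_bytes != 0 && bitmap == NULL))
        return IDX_BAD_SIZE;                /* malformed arguments */
    uint64_t blocks = alloc_bytes / block_bytes;
    uint64_t bits = (uint64_t)bitmap_bytes * 8;

    /* The advisory's case: index blocks exist but the bitmap is empty. */
    if (blocks > 0 && bits == 0)
        return IDX_EMPTY_BITMAP;
    /* Assumption: each index block needs its own tracking bit. */
    if (bits < blocks)
        return IDX_SHORT_BITMAP;
    /* Assumption: a set bit must refer to a block that exists. */
    for (uint64_t i = blocks; i < bits; i++)
        if (bitmap[i / 8] & (1u << (i % 8)))
            return IDX_STRAY_BIT;
    return IDX_OK;
}

int main(void)
{
    printf("healthy=%d empty=%d short=%d stray=%d\n",
           index_bitmap_check(SAMPLE_ONE_USED, 1, 4096, 4096),
           index_bitmap_check(NULL, 0, 4096, 4096),
           index_bitmap_check(SAMPLE_FULL, 1, 9 * 4096, 4096),
           index_bitmap_check(SAMPLE_STRAY, 1, 2 * 4096, 4096));
    return 0;
}
```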
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, fs/ntfs3 rejects index allocation if $BITMAP is empty but index blocks exist, fixing a corruption path triggered by malformed NTFS images.
Vulnerability
In the Linux kernel's NTFS3 filesystem, index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already present, this reflects on-disk corruption. The kernel now rejects such cases by verifying that the bitmap is not empty when index blocks exist [1].
Exploitation
syzbot triggered this condition using a malformed NTFS image. During a rename() operation involving a long filename (which spans multiple index entries), the empty bitmap allowed the name to be added without valid tracking. Subsequent deletion of the original entry failed with -ENOENT due to unexpected index state [1].
Impact
An attacker with the ability to mount a crafted NTFS image can cause filesystem inconsistency, leading to failed rename operations and potential denial of service. No evidence of privilege escalation or remote code execution has been provided.
Mitigation
The fix is included in the stable kernel commit referenced [1]. Users are advised to update their kernels to include this patch. No workarounds are documented.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 4
978aac54e93e, be66551da203, 039ddf353cc3, 0dc7117da8f9
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 4