CVE-2025-22080

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22080
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22080.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-22080
Downstream
Related
Published
2025-04-16T14:12:29.886Z
Modified
2025-11-20T09:27:31.590149Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
fs/ntfs3: Prevent integer overflow in hdr_first_de()
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Prevent integer overflow in hdrfirstde()

The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does work as intended because of an integer overflow.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
60ce8dfde03558bfc290cd915c60fa243ba2ae84
Fixed
f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
60ce8dfde03558bfc290cd915c60fa243ba2ae84
Fixed
201a2bdda13b619c4927700ffe47d387a30ced50
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
60ce8dfde03558bfc290cd915c60fa243ba2ae84
Fixed
85615aa442830027923fc690390fa74d17b36ae1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
60ce8dfde03558bfc290cd915c60fa243ba2ae84
Fixed
b9982065b82b4177ba3a7a72ce18c84921f7494d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
60ce8dfde03558bfc290cd915c60fa243ba2ae84
Fixed
6bb81b94f7a9cba6bde9a905cef52a65317a8b04

Affected versions

v6.*

v6.0
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h",
            "function": "hdr_first_de"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6bb81b94f7a9cba6bde9a905cef52a65317a8b04",
        "digest": {
            "length": 370.0,
            "function_hash": "34514868849266344688611836732508773976"
        },
        "id": "CVE-2025-22080-1184fcc1"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h",
            "function": "hdr_first_de"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85615aa442830027923fc690390fa74d17b36ae1",
        "digest": {
            "length": 370.0,
            "function_hash": "34514868849266344688611836732508773976"
        },
        "id": "CVE-2025-22080-184690ea"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h",
            "function": "hdr_first_de"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@201a2bdda13b619c4927700ffe47d387a30ced50",
        "digest": {
            "length": 370.0,
            "function_hash": "34514868849266344688611836732508773976"
        },
        "id": "CVE-2025-22080-2d71983b"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@201a2bdda13b619c4927700ffe47d387a30ced50",
        "digest": {
            "line_hashes": [
                "61211644175715903876080477362781888972",
                "209761879739030624829072201504783204224",
                "74890321517042270434961576887761551115",
                "304418823071002196582982374485929217579"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-22080-63bcb710"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9982065b82b4177ba3a7a72ce18c84921f7494d",
        "digest": {
            "line_hashes": [
                "61211644175715903876080477362781888972",
                "209761879739030624829072201504783204224",
                "74890321517042270434961576887761551115",
                "304418823071002196582982374485929217579"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-22080-668accaf"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6bb81b94f7a9cba6bde9a905cef52a65317a8b04",
        "digest": {
            "line_hashes": [
                "61211644175715903876080477362781888972",
                "209761879739030624829072201504783204224",
                "74890321517042270434961576887761551115",
                "304418823071002196582982374485929217579"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-22080-7c3eba4f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h",
            "function": "hdr_first_de"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9982065b82b4177ba3a7a72ce18c84921f7494d",
        "digest": {
            "length": 370.0,
            "function_hash": "34514868849266344688611836732508773976"
        },
        "id": "CVE-2025-22080-7f54a6bf"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h",
            "function": "hdr_first_de"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0",
        "digest": {
            "length": 370.0,
            "function_hash": "34514868849266344688611836732508773976"
        },
        "id": "CVE-2025-22080-d39b62a5"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0",
        "digest": {
            "line_hashes": [
                "61211644175715903876080477362781888972",
                "209761879739030624829072201504783204224",
                "74890321517042270434961576887761551115",
                "304418823071002196582982374485929217579"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-22080-d9078362"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "fs/ntfs3/ntfs.h"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85615aa442830027923fc690390fa74d17b36ae1",
        "digest": {
            "line_hashes": [
                "61211644175715903876080477362781888972",
                "209761879739030624829072201504783204224",
                "74890321517042270434961576887761551115",
                "304418823071002196582982374485929217579"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-22080-e0b6fdcf"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.87
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2