CVE-2026-46062
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
A vulnerability in the Linux kernel related to integer overflow in the run_unpack() function during volume boundary checks has been resolved. This issue occurred due to the use of raw addition, which could bypass validation for large lcn and len values.
Risk Assessment
Organizations may be exposed to unauthorized data access or data loss due to this vulnerability, potentially leading to serious security implications.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor systems for potential exploits.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use check_add_overflow() as is already done for the adjacent prev_lcn + dlcn and vcn64 + len checks added by commit 3ac37e100385 ("ntfs3: Fix integer overflow in run_unpack()"). Found by fuzzing with a source-patched harness (LibAFL + QEMU).

