{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46062", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.095Z", "datePublished": "2026-05-27T12:57:24.416Z", "dateUpdated": "2026-05-27T12:57:24.416Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:57:24.416Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: fix integer overflow in run_unpack() volume boundary check\n\nThe volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw\naddition which can wrap around for large lcn and len values, bypassing\nthe validation. Use check_add_overflow() as is already done for the\nadjacent prev_lcn + dlcn and vcn64 + len checks added by commit\n3ac37e100385 (\"ntfs3: Fix integer overflow in run_unpack()\").\n\nFound by fuzzing with a source-patched harness (LibAFL + QEMU)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/run.c"], "versions": [{"version": "82cae269cfa953032fbb8980a7d554d60fb00b17", "lessThan": "a954061b334ec67c79ae9d0cadd83fa521396487", "status": "affected", "versionType": "git"}, {"version": "82cae269cfa953032fbb8980a7d554d60fb00b17", "lessThan": "60dab3e2931f3d792438a77a6cb0cb731c43300b", "status": "affected", "versionType": "git"}, {"version": "82cae269cfa953032fbb8980a7d554d60fb00b17", "lessThan": "f1af27cec07a9fd0847166bdb23c99e86b05bfdc", "status": "affected", "versionType": "git"}, {"version": "82cae269cfa953032fbb8980a7d554d60fb00b17", "lessThan": "6175d09c23bec4b60860ee9a0170308ff4b56e10", "status": "affected", "versionType": "git"}, {"version": "82cae269cfa953032fbb8980a7d554d60fb00b17", "lessThan": "984a415f019536ea2d24de9010744e5302a9a948", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/run.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a954061b334ec67c79ae9d0cadd83fa521396487"}, {"url": "https://git.kernel.org/stable/c/60dab3e2931f3d792438a77a6cb0cb731c43300b"}, {"url": "https://git.kernel.org/stable/c/f1af27cec07a9fd0847166bdb23c99e86b05bfdc"}, {"url": "https://git.kernel.org/stable/c/6175d09c23bec4b60860ee9a0170308ff4b56e10"}, {"url": "https://git.kernel.org/stable/c/984a415f019536ea2d24de9010744e5302a9a948"}], "title": "ntfs3: fix integer overflow in run_unpack() volume boundary check", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: fix integer overflow in run_unpack() volume boundary check\n\nThe volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw\naddition which can wrap around for large lcn and len values, bypassing\nthe validation. Use check_add_overflow() as is already done for the\nadjacent prev_lcn + dlcn and vcn64 + len checks added by commit\n3ac37e100385 (\"ntfs3: Fix integer overflow in run_unpack()\").\n\nFound by fuzzing with a source-patched harness (LibAFL + QEMU)."}], "id": "CVE-2026-46062", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:26.063", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/60dab3e2931f3d792438a77a6cb0cb731c43300b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6175d09c23bec4b60860ee9a0170308ff4b56e10"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/984a415f019536ea2d24de9010744e5302a9a948"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a954061b334ec67c79ae9d0cadd83fa521396487"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f1af27cec07a9fd0847166bdb23c99e86b05bfdc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ntfs3: fix integer overflow in run_unpack() volume boundary check", "id": "2482150", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482150"}, "csaw": false, "cwe": "CWE-190", "details": ["A flaw was found in the Linux kernel's ntfs3 filesystem driver. An integer overflow vulnerability exists in the `run_unpack()` function's volume boundary check. This flaw occurs because the check uses raw addition, which can wrap around for large values, potentially bypassing validation. This could lead to system instability or data corruption."], "name": "CVE-2026-46062", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46062\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46062\nhttps://lore.kernel.org/linux-cve-announce/2026052756-CVE-2026-46062-35ef@gregkh/T"]}

{"created": "2026-05-27T20:15:16.212991+00:00", "updated": "2026-05-27T20:15:16.213008+00:00", "vendors": [], "weaknesses": ["CWE-190", "CWE-680"]}