In the Linux kernel, the following vulnerability has been resolved:
ntfs3: fix integer overflow in run_unpack() volume boundary check
The volume boundary check lcn + len > sbi->used.bitmap.nbits uses raw
addition which can wrap around for large lcn and len values, bypassing
the validation. Use checkaddoverflow() as is already done for the
adjacent prevlcn + dlcn and vcn64 + len checks added by commit
3ac37e100385 ("ntfs3: Fix integer overflow in rununpack()").
Found by fuzzing with a source-patched harness (LibAFL + QEMU).
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46062.json"
}