CVE-2026-46072

Source
https://cve.org/CVERecord?id=CVE-2026-46072
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46072.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46072
Downstream
Related
Published
2026-05-27T12:58:00.299Z
Modified
2026-06-26T11:56:56.091217019Z
Summary
ntfs3: add buffer boundary checks to run_unpack()
Details

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: add buffer boundary checks to run_unpack()

rununpack() checks run_buf < run_last at the top of the while loop but then reads sizesize and offsetsize bytes via rununpack_s64() without verifying they fit within the remaining buffer. A crafted NTFS image with truncated run data in an MFT attribute triggers an OOB heap read of up to 15 bytes when the filesystem is mounted.

Add boundary checks before each rununpacks64() call to ensure the declared field size does not exceed the remaining buffer.

Found by fuzzing with a source-patched harness (LibAFL + QEMU).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46072.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
82cae269cfa953032fbb8980a7d554d60fb00b17
Fixed
bbad75336870b51b81979b97613746237fcb02fe
Fixed
425de2aba0d061b3e715d51a3b1992c112ed5b99
Fixed
bf7ac4a1d3bfc6e56e54635c3d331a68170d37c9
Fixed
e64f7dfcaff79e7dfff9121a382dd77f9b462f62
Fixed
d3012690a7065d9ca86521a525ad11e8af491d45
Fixed
41aadf5cb482793a24e05aa136224e179a778586
Fixed
b62567bca47408e6739dee75f02a2113548af875

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46072.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46072.json"