SB20260625138 - Improper Check or Handling of Exceptional Conditions in Linux kernel ntfs3



SB20260625138 - Improper Check or Handling of Exceptional Conditions in Linux kernel ntfs3

Published: June 25, 2026

Security Bulletin ID SB20260625138
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2026-53027)

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of attribute segment run loading in attr_data_get_block_locked() when processing compressed or sparse attributes with frame-aligned clusters. A local user can trigger the affected code path to cause a denial of service.

The issue is triggered when vcn is rounded down to the frame start and vcn and vcn0 reside in different attribute segments.


Remediation

Install update from vendor's website.