What is GHSA-68g3-h729-p4rw?

GHSA-68g3-h729-p4rw is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow...

Which CVE IDs does GHSA-68g3-h729-p4rw cover?

GHSA-68g3-h729-p4rw covers the following CVE IDs: CVE-2026-46062. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-68g3-h729-p4rw?

GHSA-68g3-h729-p4rw has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-68g3-h729-p4rwHighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46062 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix integer overflow in run_unpack() volume boundary check

The volume boundary check lcn + len > sbi->used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use check_add_overflow() as is already done for the adjacent prev_lcn + dlcn and vcn64 + len checks added by commit 3ac37e100385 ("ntfs3: Fix integer overflow in run_unpack()").

Found by fuzzing with a source-patched harness (LibAFL + QEMU).

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-46062
https://git.kernel.org/stable/c/60dab3e2931f3d792438a77a6cb0cb731c43300b
https://git.kernel.org/stable/c/6175d09c23bec4b60860ee9a0170308ff4b56e10
https://git.kernel.org/stable/c/984a415f019536ea2d24de9010744e5302a9a948
https://git.kernel.org/stable/c/a954061b334ec67c79ae9d0cadd83fa521396487
https://git.kernel.org/stable/c/f1af27cec07a9fd0847166bdb23c99e86b05bfdc
https://github.com/advisories/GHSA-68g3-h729-p4rw