CVE-2025-22080: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22080 is a vulnerability discovered in the Linux kernel's NTFS3 filesystem implementation, specifically in the hdrfirstde() function. The vulnerability was disclosed on April 16, 2025, affecting various Linux distributions and systems using the NTFS3 filesystem module (NVD, Ubuntu).

The vulnerability stems from an integer overflow condition in the hdrfirstde() function of the NTFS3 filesystem implementation. The issue occurs when the 'deoff' and 'used' variables, which are read from disk, are both greater than UINTMAX - 16 on 32-bit systems, causing an integer overflow that prevents the intended check from working correctly (Red Hat). The vulnerability has been assigned a CVSS v3.1 base score of 5.5, indicating moderate severity, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability affects systems running the Linux kernel with NTFS3 filesystem support, particularly on 32-bit architectures. The impact is primarily focused on availability, as indicated by the CVSS metrics showing high impact on availability but no impact on confidentiality or integrity (Red Hat).

The vulnerability has been patched in various Linux kernel versions. Ubuntu has marked this as a medium priority issue and is actively working on updates for affected versions including 25.04 (plucky), 24.10 (oracular), and 24.04 LTS (noble). Earlier versions such as 22.04 LTS (jammy) and 20.04 LTS (focal) are not affected (Ubuntu). Red Hat Enterprise Linux versions 6, 7, 8, and 9 are not affected by this vulnerability (Red Hat).