CVE-2024-52560

5.5 MEDIUM

📋 TL;DR

A vulnerability in the Linux kernel's NTFS3 filesystem driver could cause filesystem corruption when handling malformed NTFS attributes. Systems using the NTFS3 driver to mount NTFS partitions are affected, potentially leading to data loss or system instability.

💻 Affected Systems

Products:
  • Linux kernel with NTFS3 driver enabled
Versions: Linux kernel versions with NTFS3 driver before the fix commits
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only systems with NTFS3 driver enabled and mounting NTFS partitions are vulnerable. NTFS3 is not enabled by default in all distributions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Filesystem corruption leading to data loss, system crashes, or denial of service requiring filesystem repair or restoration from backup.

🟠 Likely Case: Filesystem errors when accessing corrupted NTFS partitions, potentially causing application failures or system instability.

🟢 If Mitigated: Minor filesystem errors that are caught and handled gracefully by the kernel's error reporting mechanisms.

🌐 Internet-Facing: LOW - This is a local filesystem driver vulnerability requiring local access or malicious filesystem mounts.
🏢 Internal Only: MEDIUM - Internal users with access to mount NTFS partitions could potentially trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to mount or access specially crafted NTFS partitions. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e and d9c699f2c4dc174940ffe8600b20c267897da155

Vendor Advisory: https://git.kernel.org/stable/c/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable NTFS3 driver

linux

Prevent loading of the vulnerable NTFS3 filesystem driver

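# Run as root. "blacklist" stops automatic loading by alias; the "install" line also makes an explicit "modprobe ntfs3" fail.
echo 'blacklist ntfs3' >> /etc/modprobe.d/blacklist-ntfs3.conf
echo 'install ntfs3 /bin/false' >> /etc/modprobe.d/blacklist-ntfs3.conf
update-initramfs -u   # Debian/Ubuntu; use your distribution's initramfs tool elsewhere
reboot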

Use alternative NTFS driver

linux

Use NTFS-3G userspace driver instead of kernel NTFS3 driver

apt-get install ntfs-3g
mount -t ntfs-3g /dev/sdX /mnt/ntfs

🧯 If You Can't Patch

  • Avoid mounting untrusted NTFS partitions
  • Implement strict access controls on NTFS mount operations

🔍 How to Verify

Check if Vulnerable:

Check if NTFS3 module is loaded: lsmod | grep ntfs3

Check Version:

uname -r

Verify Fix Applied:

Run uname -r after the reboot and confirm that the running kernel is a version your distribution lists as containing the fix commits.
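
The lsmod check above only shows whether the module is loaded at that moment. The following POSIX shell functions are an added example, not part of the original advisory: they also look for active ntfs3 mounts and for a modprobe.d rule that keeps the driver from loading. The function names and state labels are this example's own, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: NTFS3 exposure triage. Every path argument is optional and
# defaults to the live system file, so the functions can be pointed at copies.

# Print "device mountpoint" for each filesystem mounted with the ntfs3 driver.
ntfs3_mounts() {
    awk '$3 == "ntfs3" { print $1, $2 }' "${1:-/proc/mounts}"
}

# Succeed if ntfs3 is registered with the kernel (loaded module or built in).
ntfs3_registered() {
    awk '$NF == "ntfs3" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Succeed if a modprobe.d file blacklists ntfs3 or replaces its load command
# with /bin/false or /bin/true.
ntfs3_blocked() {
    rule='blacklist[[:space:]]+ntfs3'
    rule="$rule|install[[:space:]]+ntfs3[[:space:]]+/(usr/)?bin/(false|true)"
    grep -Eqs "^[[:space:]]*($rule)([[:space:]]|\$)" "${1:-/etc/modprobe.d}"/*.conf
}

# Print one state: IN_USE (an ntfs3 mount exists), REGISTERED (driver present,
# nothing mounted), BLOCKED (absent and a modprobe.d rule stops loading), or
# LOADABLE (absent, but the next NTFS mount may load it).
ntfs3_exposure() {
    if [ -n "$(ntfs3_mounts "$1")" ]; then echo IN_USE
    elif ntfs3_registered "$2"; then echo REGISTERED
    elif ntfs3_blocked "$3"; then echo BLOCKED
    else echo LOADABLE
    fi
}

# Demo on constructed data (not taken from a real host).
ntfs3_demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '/dev/sda1 / ext4 rw 0 0\n/dev/sdb1 /mnt/usb ntfs3 rw 0 0\n' > "$demo_dir/mounts"
    printf 'nodev\tproc\n\text4\n\tntfs3\n' > "$demo_dir/filesystems"
    ntfs3_exposure "$demo_dir/mounts" "$demo_dir/filesystems" "$demo_dir"
    rm -rf "$demo_dir"
}
ntfs3_demo
```

Calling ntfs3_exposure with no arguments evaluates the running host. A BLOCKED result has no effect on a kernel that has the driver built in, which is why the registration check runs first.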

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing NTFS3 errors
  • Filesystem corruption errors in dmesg
  • System logs indicating filesystem mount failures

Network Indicators:

  • None - this is a local filesystem vulnerability

SIEM Query:

source="kernel" AND "ntfs3" AND ("error" OR "corrupt" OR "bad inode")
