Vulnerability in the NTFS-3G driver potentially allowing code execution as root

A vulnerability, CVE-2022-40284, has been found in the NTFS-3G driver from the ntfs-3g package, which provides a user-space implementation of the NTFS file system. It potentially allows code execution with root privileges when a specially crafted partition is mounted. The vulnerability is fixed in the ntfs-3g 2022.10.3 release.


The vulnerability is caused by an error in the code that parses metadata in NTFS partitions, which leads to a buffer overflow when processing specially crafted NTFS file system images. The attack can be carried out when a user mounts an image or drive prepared by the attacker, or when a USB flash drive with a specially crafted partition is connected to the computer (if the system is configured to automatically mount NTFS partitions using NTFS-3G). Working exploits for this vulnerability have not yet been demonstrated.
