Impact
This vulnerability affects the NTFS3 driver in the Linux kernel. When the attr_set_size() function fails while truncating a file, the error is silently ignored. As a result, the inode metadata can become inconsistent, potentially leading to corrupted file contents, loss of data, or a denial of service if file system integrity is compromised. The weakness is a failure to handle an error condition properly, which allows state corruption. Based on the description, the impact is limited to local systems that run an affected kernel and use NTFS3 devices; there is no evidence of a remote execution vector.
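The bug class described above, shown as an added user-space model that is not the kernel's code or the actual patch. All `model_*` names, the `fail_next` switch and the `-ENOSPC` failure are assumptions made for illustration; the point is that dropping the resize error lets the inode size diverge from the attribute size.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-ins (assumed) for attribute state and in-memory inode state. */
struct model_attr  { uint64_t data_size; int fail_next; };
struct model_inode { uint64_t i_size; struct model_attr attr; };

/* Hypothetical resize step: on failure the attribute is left unchanged. */
static int model_attr_set_size(struct model_attr *a, uint64_t new_size)
{
    if (a->fail_next)
        return -ENOSPC;
    a->data_size = new_size;
    return 0;
}

/* Flawed pattern: the return value is dropped and the inode is updated anyway. */
int truncate_ignoring_error(struct model_inode *ino, uint64_t new_size)
{
    (void)model_attr_set_size(&ino->attr, new_size);
    ino->i_size = new_size;
    return 0;
}

/* Checked pattern: propagate the error before touching inode state. */
int truncate_checked(struct model_inode *ino, uint64_t new_size)
{
    int err = model_attr_set_size(&ino->attr, new_size);
    if (err)
        return err;
    ino->i_size = new_size;
    return 0;
}

/* Invariant a consistency check would test: both sizes must agree. */
int inode_consistent(const struct model_inode *ino)
{
    return ino->i_size == ino->attr.data_size;
}

int main(void)
{
    struct model_inode a = { 4096, { 4096, 1 } };  /* constructed sample state */
    struct model_inode b = { 4096, { 4096, 1 } };
    int ra = truncate_ignoring_error(&a, 1024);
    int rb = truncate_checked(&b, 1024);
    printf("ignored: ret=%d consistent=%d\n", ra, inode_consistent(&a));
    printf("checked: ret=%d consistent=%d\n", rb, inode_consistent(&b));
    return 0;
}
```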
Affected Systems
All versions of the Linux kernel that contain the NTFS3 file system implementation before the patch identified by commit 576248a34b9 are affected. The vulnerability is present on any host that mounts NTFS3 file systems, whether on internal storage or removable media, without being updated to a kernel version that includes the fix.
Risk and Exploitability
The CVSS score is not provided, and EPSS information is unavailable, so quantitative metrics are unknown. The vulnerability is not listed in the CISA KEV catalog. The exploit vector indicated by the description is a local file truncation operation, implying that a local attacker with write privileges on an NTFS3 mount can trigger the condition. Because the error is silently ignored, an attacker could cause data corruption or, at worst, induce a system crash if the inode inconsistency propagates. While exploitation does not appear to enable privilege escalation directly, the resulting data integrity loss presents a medium to high risk for affected systems.