Description
In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Initialize new folios before use

KMSAN reports an uninitialized value in longest_match_std(), invoked
from ntfs_compress_write(). When new folios are allocated without being
marked uptodate and ni_read_frame() is skipped because the caller expects
the frame to be completely overwritten, some reserved folios may remain
only partially filled, leaving the rest of the memory uninitialized.
Published: 2026-05-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s NTFS3 file system code allows new folios to be allocated without being marked uptodate. During compressed write operations, ntfs_compress_write() invokes longest_match_std(), and when ni_read_frame() has been skipped, parts of the reserved folios remain uninitialized. The kernel then reads or exposes data that has never been set, which can leak information or produce undefined behavior, potentially destabilising the kernel or corrupting data.

Affected Systems

The vulnerability affects any Linux kernel that includes NTFS3 support. No specific kernel version is listed in the CNA data, so all distributions running a kernel with NTFS3 that has not yet received the fix are potentially impacted.

Risk and Exploitability

The EPSS score is below 1% and the bug is not listed in the CISA KEV catalog, indicating a very low probability of exploitation. The flaw is triggered by a local NTFS3 write operation, so a local user with sufficient privileges to create or modify files could provoke the uninitialized memory condition. Though no remote or privilege‑escalation path is confirmed, the presence of uninitialized kernel data can compromise system integrity or availability if exercised.

Generated by OpenCVE AI on May 29, 2026 at 04:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the NTFS3 folio initialization fix.
  • Reboot the system so the updated kernel and filesystem module become active.
  • If an update is not yet available, disable or unmount the NTFS3 filesystem to avoid triggering the uninitialized memory condition.

Advisories

No advisories yet.

History

Fri, 29 May 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-222
CWE-788

Fri, 29 May 2026 00:15:00 +0000


Wed, 27 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-222
CWE-788

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated without being marked uptodate and ni_read_frame() is skipped because the caller expects the frame to be completely overwritten, some reserved folios may remain only partially filled, leaving the rest of the memory uninitialized.
Title fs/ntfs3: Initialize new folios before use
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:24:02.532Z

Reserved: 2026-05-27T12:23:27.414Z

Link: CVE-2025-71311

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:16:43.627

Modified: 2026-05-27T14:48:31.480

Link: CVE-2025-71311

Redhat

Severity:

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2025-71311 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T05:00:07Z

Weaknesses
  • CWE-824

    Access of Uninitialized Pointer