Impact
The Linux kernel’s ntfs3 driver converts an on‑disk NTFS volume label from UTF‑16 to UTF‑8 but does not append a terminating NUL character. When the converted string exactly fills the fixed buffer, the display routine searches past the buffer’s end for a terminator, resulting in an out‑of‑bounds read that can expose kernel memory. This weakness aligns with CWE‑170.
Affected Systems
All Linux kernels that include the ntfs3 filesystem driver without the NULL‑termination patch, regardless of distribution or custom compilation. The CVE data does not specify a version range, so any deployment shipping the unpatched driver is potentially vulnerable.
Risk and Exploitability
The EPSS score is below 1 %, and the vulnerability is not listed in CISA’s KEV catalog, indicating a low likelihood of exploitation at present. It is inferred that an attacker would need local access to the host and the ability to invoke the ntfs3_label_show function, typically by mounting or interrogating NTFS partitions. If successful, the read can leak sensitive kernel memory, which could aid further attacks. The overall risk remains high for systems that mount NTFS volumes or accept untrusted media.
OpenCVE Enrichment
Debian DLA