CVE Catalog

CVE-2025-71311

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, the NTFS3 filesystem has a vulnerability involving the use of uninitialized folios. Newly allocated folios are not marked as uptodate, and the ni_read_frame() function is skipped when the caller expects the frame to be completely overwritten, leaving part of the memory uninitialized.

Risk Assessment

Uninitialized memory may be read by the longest_match_std() function during compression write, potentially leading to sensitive data leakage or unpredictable system behavior.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix that initializes new folios before use in the NTFS3 filesystem.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated without being marked uptodate and ni_read_frame() is skipped because the caller expects the frame to be completely overwritten, some reserved folios may remain only partially filled, leaving the rest memory uninitialized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS