5.5

CVE-2025-71311

fs/ntfs3: Initialize new folios before use

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Initialize new folios before use

KMSAN reports an uninitialized value in longest_match_std(), invoked
from ntfs_compress_write(). When new folios are allocated without being
marked uptodate and ni_read_frame() is skipped because the caller expects
the frame to be completely overwritten, some reserved folios may remain
only partially filled, leaving the rest memory uninitialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.11 < 6.12.75
LinuxLinux Kernel Version >= 6.13 < 6.18.14
LinuxLinux Kernel Version >= 6.19 < 6.19.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/dd6c81527d097b3b0bf5a15c2fdc9657d045144c
Patch
https://git.kernel.org/stable/c/5a30cc03bde169ad558695b26da6ea7e55f6194a
Patch
https://git.kernel.org/stable/c/41d79f8e2a36622d148719bf7c18b46ac1264284
Patch
https://git.kernel.org/stable/c/f223ebffa185cc8da934333c5a31ff2d4f992dc9
Patch