Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's NTFS3 file system has been addressed, concerning the use of uninitialized memory. This issue was identified by the Kernel Memory Sanitizer (KMSAN), which reported multiple instances of uninitialized values. The vulnerability arises because memory allocated by the '__getname()' function, a wrapper for 'kmem_cache_alloc()', is used before it is properly cleared. The proposed solution involves changing 'kmem_cache_alloc()' to 'kmem_cache_zalloc()' to ensure that memory is correctly allocated and initialized before use.
The vulnerability could lead to the use of uninitialized memory, potentially causing undefined behavior in the affected application.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
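A userspace C model of the pattern described above, added here as an illustration and not taken from the kernel or the patch. The names `cache_alloc`, `cache_zalloc`, `cache_free`, `stale_bytes_after_reuse` and the 64-byte buffer size are assumptions, and the one-slot cache only stands in for the slab cache behind '__getname()'.

```c
/* Userspace model (assumption), not kernel code: a one-slot object cache. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 64                 /* assumed stand-in size for the name buffer */
static unsigned char *free_slot;    /* last freed object, reused on next alloc */

/* Models kmem_cache_alloc(): hands back a recycled object untouched. */
static unsigned char *cache_alloc(void)
{
    unsigned char *p = free_slot ? free_slot : malloc(NAME_BUF);
    free_slot = NULL;
    return p;
}

/* Models kmem_cache_zalloc(): same object, zeroed before it is returned. */
static unsigned char *cache_zalloc(void)
{
    unsigned char *p = cache_alloc();
    if (p)
        memset(p, 0, NAME_BUF);
    return p;
}

static void cache_free(unsigned char *p) { free_slot = p; }

/* A previous user fills the object and frees it; the next user writes a short
 * name into the recycled object. Returns how many bytes past the new name
 * still hold the previous user's data. */
static size_t stale_bytes_after_reuse(unsigned char *(*alloc_fn)(void))
{
    unsigned char *prev = cache_alloc();
    if (!prev)
        return 0;
    memset(prev, 0xAA, NAME_BUF);   /* constructed "old" contents */
    cache_free(prev);
    unsigned char *buf = alloc_fn();    /* the same object comes back */
    const char name[] = "a.txt";        /* constructed sample name */
    memcpy(buf, name, sizeof(name));
    size_t stale = 0;
    for (size_t i = sizeof(name); i < NAME_BUF; i++)
        stale += (buf[i] == 0xAA);
    free(buf);
    return stale;
}

int main(void)
{
    printf("alloc:  %zu stale bytes\n", stale_bytes_after_reuse(cache_alloc));
    printf("zalloc: %zu stale bytes\n", stale_bytes_after_reuse(cache_zalloc));
    return 0;
}
```

In the kernel the unwritten bytes are whatever the previous slab user left behind, which is what KMSAN flags when they are read; the model uses a known 0xAA fill so the leftover bytes can be counted.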