Linux Kernel NTFS3 Uninitialized Buffer Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NTFS3 file system implementation has been addressed. The issue involved an uninitialized buffer allocated by the '__getname()' function, which could lead to the use of undefined data. The fix, which was found using the Kernel Memory Sanitizer (KMSAN), initializes the buffer with zeros. The problem was reported by syzbot.

Impact

Exploitation of this vulnerability could lead to the use of uninitialized memory, potentially causing undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by linking an inode in the NTFS3 file system, which involves allocating a name buffer using the '__getname()' function. The buffer is then used without proper initialization, leading to the exposure of uninitialized memory.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.
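
The following user-space model of the bug class and of the zeroing fix described above is an added example, not the kernel's NTFS3 code and not the actual patch. The record layout, the names getname_sim, build_entry and stale_bytes_in_entry, and the 0xAA marker are constructed assumptions; the static pool stands in for a cache that hands back buffers without clearing them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 4096 /* assumed size of the pooled name buffer */
#define STALE 0xAA         /* marker for bytes left by a previous user */
/* Constructed record layout: u16 size, u16 name_len, u32 flags, name[]. */
enum { OFF_SIZE = 0, OFF_NAME_LEN = 2, OFF_FLAGS = 4, OFF_NAME = 8 };

/* One-slot stand-in for a buffer cache: a released buffer keeps its bytes. */
static unsigned char pool[NAME_BUF_SIZE];
static unsigned char *getname_sim(void) { return pool; } /* no zeroing */

/* Build a link entry for `name` and return the record size in bytes.
 * As in the bug class, flags and alignment padding are never written. */
static uint16_t build_entry(unsigned char *de, const char *name, int zero_first)
{
    uint16_t name_len = (uint16_t)strlen(name);
    uint16_t size = (uint16_t)((OFF_NAME + name_len + 7u) & ~7u);

    if (strlen(name) > 255) return 0; /* model only handles short names */
    if (zero_first)
        memset(de, 0, NAME_BUF_SIZE); /* the remediation: zero the buffer */
    memcpy(de + OFF_SIZE, &size, sizeof size);
    memcpy(de + OFF_NAME_LEN, &name_len, sizeof name_len);
    memcpy(de + OFF_NAME, name, name_len);
    return size;
}

/* Count bytes inside the record that still hold the previous user's data. */
static size_t stale_bytes_in_entry(const char *name, int zero_first)
{
    unsigned char *de = getname_sim();
    size_t i, stale = 0;
    uint16_t size;

    memset(de, STALE, NAME_BUF_SIZE); /* previous user filled the buffer */
    size = build_entry(de, name, zero_first);
    for (i = 0; i < size; i++)
        stale += (de[i] == STALE);
    return stale;
}

int main(void)
{
    printf("unzeroed: %zu stale bytes\n", stale_bytes_in_entry("report.txt", 0));
    printf("zeroed:   %zu stale bytes\n", stale_bytes_in_entry("report.txt", 1));
    return 0;
}
```

Any code that later compares, hashes or writes out the whole record consumes the stale bytes unless the buffer was zeroed first, which is the kind of read KMSAN flags.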

Added: Dec 24, 2025, 11:24 AM
Updated: Dec 24, 2025, 11:24 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.