CVE-2025-71311
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Linux kernel, the NTFS3 filesystem has a vulnerability involving the use of uninitialized folios. Newly allocated folios are not marked as uptodate, and the ni_read_frame() function is skipped when the caller expects the frame to be completely overwritten, leaving part of the memory uninitialized.
Risk Assessment
Uninitialized memory may be read by the longest_match_std() function during compression write, potentially leading to sensitive data leakage or unpredictable system behavior.
Recommendation
It is recommended to immediately update the Linux kernel to a version containing the fix that initializes new folios before use in the NTFS3 filesystem.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated without being marked uptodate and ni_read_frame() is skipped because the caller expects the frame to be completely overwritten, some reserved folios may remain only partially filled, leaving the rest memory uninitialized.

