Skip to main content

Linux Kernel CVE-2025-71311

| EUVDEUVD-2025-209965 MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-55mq-jw86-3h27
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local write access with low privileges required to trigger compression path; impact is kernel crash only, with no confidentiality or integrity consequence confirmed.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:09 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Initialize new folios before use

KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated without being marked uptodate and ni_read_frame() is skipped because the caller expects the frame to be completely overwritten, some reserved folios may remain only partially filled, leaving the rest memory uninitialized.

AnalysisAI

Uninitialized memory use in the Linux kernel's NTFS3 filesystem driver (fs/ntfs3) causes a kernel crash when a local, low-privileged user triggers NTFS compression writes under specific folio allocation conditions. The flaw was surfaced by KMSAN (Kernel Memory Sanitizer) in longest_match_std(), called from ntfs_compress_write(), when newly allocated folios are neither marked uptodate nor initialized before use. No public exploit or active exploitation has been identified; EPSS stands at 0.02% (5th percentile), confirming negligible automated attack activity at time of analysis.

Technical ContextAI

The affected component is the NTFS3 in-kernel filesystem driver, introduced in Linux 5.15, identified via CPE cpe:2.3:o:linux:linux_kernel. The driver handles reading and writing NTFS volumes natively from the kernel. The root cause is CWE-908 (Use of Uninitialized Resource): during ntfs_compress_write(), when the caller expects a compression frame to be completely overwritten, the code skips ni_read_frame() but does not zero or otherwise initialize the newly allocated folios. This leaves portions of those folios containing stale kernel heap or stack data. When longest_match_std() subsequently operates on this uninitialized memory during LZ-style compression, the behavior is undefined - most practically manifesting as a kernel panic or memory corruption leading to a crash. The issue is specific to the NTFS compression code path and does not affect non-compressed NTFS mounts or other filesystem drivers.

RemediationAI

The primary remediation is to upgrade the Linux kernel to a patched stable release: 6.12.75, 6.18.14, 6.19.4, or 7.0 as confirmed by EUVD and the upstream stable tree. Distribution-specific updates should be applied via the vendor's package manager (e.g., apt, dnf, zypper) once backport packages are available. The four upstream fix commits (referenced above) are the authoritative source for distributions performing their own backport. As a compensating control where kernel updates cannot be immediately applied, administrators can remount NTFS volumes without compression support or avoid mounting NTFS volumes with the ntfs3 driver entirely - using the older NTFS-3G FUSE driver instead, which does not share this code path. However, disabling ntfs3 entirely on systems that require NTFS write access will reduce performance and may require reconfiguring mount points. Loading the ntfs3 kernel module can be blocked via a modprobe blacklist entry (install ntfs3 /bin/false in /etc/modprobe.d/) if NTFS access is not required on the system; this has no side effects on systems that do not use NTFS filesystems.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2025-71311 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy