CVE-2025-71311
Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use. KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated without being marked uptodate and ni_read_frame() is skipped because the caller expects the frame to be completely overwritten, some reserved folios may remain only partially filled, leaving the rest of the memory uninitialized.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.18.14-1 |
| debian | sid | fixed | 6.18.14-1 |
| debian | trixie | fixed | 6.12.85-1 |
| sles | | affected | |
References
- https://git.kernel.org/stable/c/dd6c81527d097b3b0bf5a15c2fdc9657d045144c
- https://git.kernel.org/stable/c/5a30cc03bde169ad558695b26da6ea7e55f6194a
- https://git.kernel.org/stable/c/41d79f8e2a36622d148719bf7c18b46ac1264284
- https://git.kernel.org/stable/c/f223ebffa185cc8da934333c5a31ff2d4f992dc9
- https://security-tracker.debian.org/tracker/CVE-2025-71311
- https://www.suse.com/security/cve/CVE-2025-71311.html