Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the buffer uptodate before setting it as uptodate. If the buffer were to not be uptodate, it could mean adding a buffer with un-init data to the mi record. Attempting to load that record will trigger KMSAN. Avoid this by setting the buffer as uptodate, if it’s not already, by overwriting it.
References
- https://git.kernel.org/stable/c/46f2a881e5a7311d41551edb3915e4d4e8802341
- https://git.kernel.org/stable/c/73e6b9dacf72a1e7a4265eacca46f8f33e0997d6
- https://git.kernel.org/stable/c/7ce8f2028dfccb2161b905cf8ab85cdd9e93909c
- https://git.kernel.org/stable/c/81ffe9a265df3e41534726b852ab08792e3d374d
- https://git.kernel.org/stable/c/8bf729b96303bb862d7c6dc05edcf51274ae04cf
- https://git.kernel.org/stable/c/afb144bc8e920db43a23e996eb0a6f9bdea84341
- https://git.kernel.org/stable/c/c70b3abfd530c7f574bc25a5f84707e6fdf0def8
FAQ
What is CVE-2025-68728?
CVE-2025-68728 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects ...
How severe is CVE-2025-68728?
CVSS scoring is not yet available for CVE-2025-68728. Check NVD for updates.
Is there a patch for CVE-2025-68728?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.