Home

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfs_iomap_begin [1]. Since runs was not touched yet, run_lookup_entry() immediately fails and returns false, which makes the value of "*len" 0. Simultaneously, the new value and err value are also 0, causing the logic in attr_data_get_block_locked() to jump directly to ok, ultimately resulting in *lcn being triggered before it is set [1]. In ntfs_iomap_begin(), the check for a 0 value in clen is moved forward to before updating lcn to avoid this [1]. [1] BUG: KMSAN: uninit-value in ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825 ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825 iomap_iter+0x9b7/0x1540 fs/iomap/iter.c:110 Local variable lcn created at: ntfs_iomap_begin+0x15d/0x1460 fs/ntfs3/inode.c:786

PUBLISHED Reserved 2026-06-09 | Published 2026-06-24 | Updated 2026-06-24 | Assigner Linux

Product status

Default status
unaffected

10d7c95af043b45a85dc738c3271bf760ff3577e (git) before 485f750cac3d8bdf5552a0e3d79ce5e3a03ece49
affected

10d7c95af043b45a85dc738c3271bf760ff3577e (git) before e98266e823a1fa06fe6499df61aeaac2fd6f7a49
affected

Default status
affected

7.0
affected

Any version before 7.0
unaffected

7.0.10 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/485f750cac3d8bdf5552a0e3d79ce5e3a03ece49

git.kernel.org/...c/e98266e823a1fa06fe6499df61aeaac2fd6f7a49

cve.org (CVE-2026-53029)

nvd.nist.gov (CVE-2026-53029)

Download JSON