CVE-2025-68728
Published: December 27, 2025Last modified: December 27, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the buffer uptodate before setting it as uptodate. If the buffer were to not be uptodate, it could mean adding a buffer with un-init data to the mi record. Attempting to load that record will trigger KMSAN. Avoid this by setting the buffer as uptodate, if it’s not already, by overwriting it.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.161-r0) |
| 25 LTS | linux-lts | Fixed (6.12.65-r0) | |
| Stream | linux-lts | Fixed (6.12.63-r0) |
References
- https://git.kernel.org/stable/c/46f2a881e5a7311d41551edb3915e4d4e8802341
- https://git.kernel.org/stable/c/73e6b9dacf72a1e7a4265eacca46f8f33e0997d6
- https://git.kernel.org/stable/c/7ce8f2028dfccb2161b905cf8ab85cdd9e93909c
- https://git.kernel.org/stable/c/81ffe9a265df3e41534726b852ab08792e3d374d
- https://git.kernel.org/stable/c/8bf729b96303bb862d7c6dc05edcf51274ae04cf
- https://git.kernel.org/stable/c/afb144bc8e920db43a23e996eb0a6f9bdea84341
- https://git.kernel.org/stable/c/c70b3abfd530c7f574bc25a5f84707e6fdf0def8