Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2025-68727

Description

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: Fix uninit buffer allocated by __getname()

Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap buffer allocated by __getname() in the Linux kernel's NTFS3 driver is not zero-initialized, potentially leaking sensitive kernel memory.

In the Linux kernel's NTFS3 filesystem driver, the heap buffer for directory entry structures (de) is allocated with __getname(). This buffer was not zero-initialized, so uninitialized kernel heap memory could be left exposed when the buffer is used.

Exploitation

This vulnerability is triggered during directory listing or access operations on an NTFS3 filesystem. No special privileges are required beyond the ability to read directory entries on a mounted NTFS3 volume. The buffer is uninitialized because the kernel allocates the memory without clearing it, and the subsequent use of that buffer can copy stale kernel heap data into user-visible structures.

Impact

An attacker with local access can read the uninitialized kernel memory, which may contain sensitive data such as pointers, file content fragments, or other kernel objects. This constitutes an information disclosure vulnerability that could aid in further exploitation of the system.

Mitigation

Patches that fix this issue have been released for the Linux kernel stable branch [1][2][3]. The fix explicitly zeroes the allocated buffer before use, eliminating the information leak. Users should update their kernel to a version containing the fix.
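A user-space model of the bug class described above, added here as an illustration; it is not the ntfs3 code or the upstream patch. The one-slot cache, the record layout and every name and size are assumptions, chosen to show why a recycled, unzeroed buffer still carries a previous user's bytes and why zeroing it first removes them.

```c
/* Added model, not kernel code: all names and sizes are hypothetical. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* constructed size for the demo */

/* One-slot cache: like a kernel object cache, it hands a freed buffer
 * to the next caller without clearing it. */
static unsigned char slot[BUF_SIZE];
static unsigned char *cache_get(void) { return slot; }
static void cache_put(unsigned char *p) { (void)p; }

/* An earlier, unrelated user of the cache leaves data behind. */
static void earlier_user(void)
{
    unsigned char *buf = cache_get();
    memset(buf, 'S', BUF_SIZE);          /* constructed "sensitive" bytes */
    cache_put(buf);
}

/* Build a record for `name` in a cached buffer and copy the whole
 * fixed-size record to `out`, as a consumer that trusts the full buffer
 * would. Returns how many bytes past the written part are stale. */
static size_t build_entry(const char *name, int zero_first,
                          unsigned char out[BUF_SIZE])
{
    unsigned char *de = cache_get();
    size_t n = strlen(name), stale = 0;
    if (n > BUF_SIZE - 1) n = BUF_SIZE - 1;
    if (zero_first)
        memset(de, 0, BUF_SIZE);         /* the zero-initialization fix */
    de[0] = (unsigned char)n;            /* length byte */
    memcpy(de + 1, name, n);             /* only 1 + n bytes are written */
    memcpy(out, de, BUF_SIZE);           /* whole buffer leaves the function */
    cache_put(de);
    for (size_t i = 1 + n; i < BUF_SIZE; i++)
        stale += (out[i] != 0);
    return stale;
}

int main(void)
{
    unsigned char out[BUF_SIZE];
    earlier_user();
    printf("unzeroed: %zu stale bytes\n", build_entry("a.txt", 0, out));
    earlier_user();
    printf("zeroed:   %zu stale bytes\n", build_entry("a.txt", 1, out));
    return 0;
}
```

KMSAN, which the description credits with finding the fix, reports the first case in a real kernel: bytes that were never written since allocation are read by later code.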

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
