Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2025-68728

Description

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix uninit memory after failed mi_read in mi_format_new

Fix a KMSAN un-init bug found by syzkaller.

ntfs_get_bh() expects a buffer from sb_getblk(); that buffer may not be uptodate. We do not bring the buffer uptodate before setting it as uptodate. If the buffer were to not be uptodate, it could mean adding a buffer with un-init data to the mi record. Attempting to load that record will trigger KMSAN.

Avoid this by setting the buffer as uptodate, if it’s not already, by overwriting it.
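
A user-space C model of the flag handling described above, added here as an illustration; it is not the kernel's ntfs3 code or the upstream patch. The struct, the function names, the zero-fill used for "overwriting" and the 0xAA poison byte standing in for uninitialized memory are all assumptions.

```c
#include <stdbool.h>
#include <string.h>
#define BLK_SIZE 512
#define POISON   0xAA  /* constructed stand-in for uninitialized memory */

/* Hypothetical model of a buffer head: a data block plus an uptodate flag. */
struct model_bh {
    bool uptodate;
    unsigned char data[BLK_SIZE];
};

/* Models sb_getblk(): returns a block that was never read from disk. */
void model_getblk(struct model_bh *bh)
{
    memset(bh->data, POISON, BLK_SIZE);
    bh->uptodate = false;
}

/* Flawed pattern: the flag is set although the contents were never filled. */
void mark_uptodate_unchecked(struct model_bh *bh)
{
    bh->uptodate = true;
}

/* Corrected pattern: overwrite the block first if it is not uptodate. */
void mark_uptodate_overwrite(struct model_bh *bh)
{
    if (!bh->uptodate) {
        memset(bh->data, 0, BLK_SIZE);  /* assumption: zero-fill */
        bh->uptodate = true;
    }
}

/* Counts bytes a later reader would consume that still hold poison. */
size_t stale_bytes(const struct model_bh *bh)
{
    size_t n = 0;
    for (size_t i = 0; i < BLK_SIZE; i++)
        n += (bh->data[i] == POISON);
    return n;
}

int main(void)
{
    struct model_bh bh;
    model_getblk(&bh);
    mark_uptodate_overwrite(&bh);
    return stale_bytes(&bh) != 0;  /* exit status 0: no stale bytes remain */
}
```

In the model, the unchecked path leaves every byte of the block stale while the flag claims it is valid, which is the condition KMSAN reports when the record is later loaded.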

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A bug in the Linux kernel's ntfs3 driver leaves uninitialized memory in a buffer, which KMSAN detects and which could expose stale data.

Vulnerability

CVE-2025-68728 is a bug in the Linux kernel's ntfs3 file system driver. When mi_format_new calls ntfs_get_bh() after a failing mi_read, the buffer obtained via sb_getblk() may not be brought up-to-date. The driver sets the buffer as up-to-date without ensuring its contents are initialized, potentially leaving uninitialized (uninit) memory in the MFT record [1] [2].

Exploitation

The vulnerability is triggered through crafted NTFS filesystem operations that cause the mi_read call to fail. An attacker would need the ability to mount a maliciously crafted NTFS volume — typically requiring local access or a user-space utility that mounts a filesystem. No special privileges beyond the ability to trigger the erroneous code path are required; the bug manifests during normal metadata structure formatting [3].

Impact

The primary impact is information disclosure: KMSAN (Kernel Memory Sanitizer) detects the uninit memory and warns of potential exposure of kernel heap data to user-space or to other parts of the kernel. An attacker may be able to leverage the uninitialized data to leak sensitive information, though the official description does not assert arbitrary code execution [1] [2].

Mitigation

Patches have been submitted to the Linux kernel stable tree and are available through the referenced commits [1][2][3]. Users should update their kernel to a version containing the fix. No workaround is provided, but the bug is only reachable when mounting a malicious NTFS filesystem, so limiting access to mount operations reduces risk.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

7
