CVE-2026-53029
Received - Intake
Uninitialized LCN in Linux Kernel NTFS3

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: prevent uninitialized lcn caused by zero len

syzbot reported an uninit-value in ntfs_iomap_begin [1].

Since runs was not touched yet, run_lookup_entry() immediately fails and returns false, which makes the value of "*len" 0. Simultaneously, the new value and err value are also 0, causing the logic in attr_data_get_block_locked() to jump directly to ok, ultimately resulting in *lcn being triggered before it is set [1].

In ntfs_iomap_begin(), the check for a 0 value in clen is moved forward to before updating lcn to avoid this [1].

[1]
BUG: KMSAN: uninit-value in ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825
 ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825
 iomap_iter+0x9b7/0x1540 fs/iomap/iter.c:110

Local variable lcn created at:
 ntfs_iomap_begin+0x15d/0x1460 fs/ntfs3/inode.c:786

Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is in the Linux kernel's NTFS3 filesystem driver. A local variable, 'lcn', can be read before it is set: when the length value comes back as zero, the steps that would initialize 'lcn' are skipped, yet the variable is still used afterwards.

The issue arises in the function ntfs_iomap_begin(), where the check for a zero length value was originally placed too late, after 'lcn' had already been used. The fix moves this check earlier, so that 'lcn' is not read before it is set.

Impact Analysis

The vulnerability could lead to undefined behavior in the Linux kernel when handling NTFS filesystems, potentially causing system instability or crashes. Because it involves the use of an uninitialized variable, it might also lead to memory corruption or other unpredictable effects within the kernel.
