CVE-2026-53029

Source
https://cve.org/CVERecord?id=CVE-2026-53029
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53029.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53029
Downstream
Published
2026-06-24T16:29:37.361Z
Modified
2026-07-12T03:55:22.787049187Z
Summary
fs/ntfs3: prevent uninitialized lcn caused by zero len
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: prevent uninitialized lcn caused by zero len

syzbot reported a uninit-value in ntfsiomapbegin [1].

Since runs was not touched yet, runlookupentry() immediately fails and returns false, which makes the value of "*len" 0. Simultaneously, the new value and err value are also 0, causing the logic in attrdatagetblocklocked() to jump directly to ok, ultimately resulting in *lcn being triggered before it is set [1].

In ntfsiomapbegin(), the check for a 0 value in clen is moved forward to before updating lcn to avoid this [1].

[1] BUG: KMSAN: uninit-value in ntfsiomapbegin+0x8c0/0x1460 fs/ntfs3/inode.c:825 ntfsiomapbegin+0x8c0/0x1460 fs/ntfs3/inode.c:825 iomap_iter+0x9b7/0x1540 fs/iomap/iter.c:110

Local variable lcn created at: ntfsiomapbegin+0x15d/0x1460 fs/ntfs3/inode.c:786

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53029.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
10d7c95af043b45a85dc738c3271bf760ff3577e
Fixed
485f750cac3d8bdf5552a0e3d79ce5e3a03ece49
Fixed
e98266e823a1fa06fe6499df61aeaac2fd6f7a49

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53029.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53029.json"