kmsan

  1. CVE-2025-21922: Tiny PPP KMSAN Fix Prevents Uninitialized Reads in Linux

    The Linux kernel has received a small but important correction tracked as CVE-2025-21922: a KMSAN-detected uninitialized-value issue in the PPP driver that can be triggered by crafted BPF (Berkeley Packet Filter) socket filters. While the immediate technical problem is a two‑byte header that the...
  2. Linux kernel IPv4 tunnel fix CVE-2024-26882 prevents uninitialized decapsulation

    The Linux kernel received a targeted fix in April 2024 for a subtle packet‑parsing bug in its IPv4 tunnel path — tracked as CVE‑2024‑26882 — that could leave inner packet headers uninitialized during decapsulation, producing KMSAN warnings and, in some configurations, enabling denial‑of‑service...
  3. CVE-2025-68728: ntfs3 KMSAN Fix Makes Kernel Buffers Deterministic

    A newly assigned Linux kernel vulnerability, CVE-2025-68728, patches a subtle but important memory-initialization bug in the in-kernel NTFS driver (ntfs3) — a KMSAN-reported uninitialized-memory condition in mi_format_new that could add uninitialized buffer contents to an internal metadata...
  4. CVE-2025-68365: ntfs3 Zeroes Allocation to Fix KMSAN in Linux

    A new Linux kernel stability and correctness patch was assigned CVE‑2025‑68365 and describes a narrow but important fix in the ntfs3 driver: allocated memory used by ntfs3 was not always zeroed before use, and the upstream remedy is to switch allocation calls from kmem_cache_alloc (or equivalent...
  5. Linux Kernel Patch: Zero Initialize Structs to Fix CVE-2025-40278 Infoleak

    The Linux kernel received a surgical fix for CVE-2025-40278 that zero-initializes a local struct used by the traffic-control “ife” action, closing a KMSAN-reported kernel information leak that could otherwise disclose residual stack bytes to unprivileged userspace.
  6. Linux HFS CVE-2025-40243 Patch: Zeroed 8KB Bitmap with kzalloc

    The Linux kernel has closed a small but consequential memory‑safety gap in the HFS driver: CVE‑2025‑40243 fixes a KMSAN‑reported uninitialized‑value read in hfs_find_set_zero_bits by ensuring the HFS volume bitmap is allocated zeroed (kzalloc) instead of with kmalloc, removing a source of...
  7. CVE-2025-40244: Linux Kernel HFS+ Uninitialized Read Fixed (KMSAN)

    A recent Linux kernel security fix closes CVE-2025-40244, a KMSAN-detected uninitialized-value bug in the HFS+ (hfsplus) filesystem implementation that was reported by syzbot and patched upstream; operators should treat this as a kernel-level memory-safety correction, install vendor-supplied...
  8. Linux Kernel Patch Fixes SquashFS Uninitialized Parent Inode Read (CVE-2025-40049)

    A terse but important Linux kernel correction landed this month to close a Syzkaller/KMSAN‑reported memory-safety gap in SquashFS: a previously uninitialized parent inode value could be read by squashfs_get_parent, and the upstream patch initializes that field to 0 so bad file handles return...