CVE-2026-53029
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfs_iomap_begin [1]. Since runs was not touched yet, run_lookup_entry() immediately fails and returns false, which makes the value of "*len" 0. Simultaneously, the new value and err value are also 0, causing the logic in attr_data_get_block_locked() to jump directly to ok, ultimately resulting in *lcn being triggered before it is set [1]. In ntfs_iomap_begin(), the check for a 0 value in clen is moved forward to before updating lcn to avoid this [1]. [1] BUG: KMSAN: uninit-value in ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825 ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825 iomap_iter+0x9b7/0x1540 fs/iomap/iter.c:110 Local variable lcn created at: ntfs_iomap_begin+0x15d/0x1460 fs/ntfs3/inode.c:786
Affected versions
Linux kernel versions
7.0
and later are affected. Fixed in
7.0.10,
7.1
and their respective stable series.
References
2 totalFrequently asked questions
-
What is CVE-2026-53029?
CVE-2026-53029 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 7.0 onward and has been patched in 7.0.10 and 7.1. CVE-2026-53029 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53029?
Yes — CVE-2026-53029 has been patched. Fixed versions include 7.0.10 and 7.1. If you are running Linux kernel 7.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53029 actively exploited?
No — CVE-2026-53029 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.