Bug 2467192 (CVE-2025-71289)

Summary: CVE-2025-71289 kernel: fs/ntfs3: handle attr_set_size() errors when truncating files
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW ---
QA Contact:
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: unspecified
CC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's NTFS3 file system driver. When a file is truncated, and an error occurs during the process of setting the attribute size, the system silently ignores this error. This oversight can lead to the file's inode, which stores critical file system metadata, being left in an inconsistent state. Such an inconsistency could potentially result in data corruption or compromise the stability of the system.

Description OSIDB Bzimport 2026-05-06 13:09:55 UTC
In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: handle attr_set_size() errors when truncating files

If attr_set_size() fails while truncating down, the error is silently
ignored and the inode may be left in an inconsistent state.