Recently, the first feature-rich NTFS implementation, NTFS3, has been upstreamed to Linux. Although ensuring the security of NTFS3 is essential for the future of Linux, it remains unclear, however, whether the most recent version of NTFS for Linux contains 0-day vulnerabilities. To this end, we implemented Papora, the first effective fuzzer for NTFS3. We have identified and reported 3 CVE-assigned 0-day vulnerabilities and 9 severe bugs in NTFS3. Furthermore, we have investigated the underlying causes as well as types of these vulnerabilities and bugs. We have conducted an empirical study on the identified bugs while the results of our study have offered practical insights regarding the security of NTFS3 in Linux.

翻译：最近，首个功能丰富的NTFS实现NTFS3已被合入Linux主线。尽管确保NTFS3的安全性对Linux的未来至关重要，但目前尚不清楚Linux最新版NTFS是否包含零日漏洞。为此，我们实现了Papora——首个针对NTFS3的高效模糊测试工具。我们已在NTFS3中发现并报告了3个获得CVE编号的零日漏洞和9个严重缺陷。此外，我们深入研究了这些漏洞与缺陷的深层成因及类型。基于识别出的缺陷，我们开展了实证研究，研究结果为Linux中NTFS3的安全性提供了实践性见解。