CVE Catalog

CVE-2025-71267

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

An infinite loop bug was found in the Linux kernel's NTFS3 file system. An attacker can trigger a Denial-of-Service by mounting a malformed NTFS image with a zero-sized ATTR_LIST attribute, causing the mount process to hang indefinitely.

Risk Assessment

The organization is at risk of a DoS attack by mounting a malicious NTFS image, potentially crashing the system or disrupting services relying on the file system.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit adding ATTR_LIST size validation). Avoid mounting untrusted NTFS images until the update is applied.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it. When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread. This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS