Skip to main content

Linux CVE-2025-71267

| EUVDEUVD-2025-208821 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
4.6 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 18:37 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 10:30 euvd
EUVD-2025-208821
Analysis Generated
Mar 18, 2026 - 10:30 vuln.today
CVE Published
Mar 18, 2026 - 10:05 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it.

When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread.

This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.

AnalysisAI

A denial-of-service vulnerability exists in the Linux kernel's ntfs3 file system driver where a malformed NTFS image with a zero-sized ATTR_LIST attribute triggers an infinite loop during file system mount operations. The vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can cause the kernel to hang indefinitely, preventing normal system operation. An attacker can exploit this by providing a crafted NTFS image file that triggers the loop when mounted, requiring no special privileges and resulting in complete denial of service for affected systems.

Technical ContextAI

The vulnerability resides in the ntfs3 file system implementation within the Linux kernel (cpe:2.3:a:linux:linux). Specifically, the ntfs_load_attr_list() function fails to validate that the data_size field of an ATTR_LIST attribute is non-zero before allocating memory via the al_aligned() macro. The ATTR_LIST is a critical NTFS metadata structure used to enumerate file attributes across multiple MFT (Master File Table) records. When data_size is zero, the function still allocates memory due to alignment calculations, creating an inconsistent internal state where ni->attr_list.size equals zero but ni->attr_list.le is non-null. This inconsistency causes the ni_enum_attr_ex() enumeration function to incorrectly conclude that no attribute list exists, leading it to enumerate only the primary MFT record. Upon discovering the ATTR_LIST during enumeration, the code reloads it and restarts the process, creating an infinite loop. The root cause is a failure to implement proper input validation before memory allocation, falling under CWE-835 (Loop with Unreachable Exit Condition) and related validation weaknesses.

RemediationAI

Immediately upgrade the Linux kernel to a patched version released after the fix commit dates for your respective stable branch: kernel 5.15.202 or later, 6.1.165 or later, 6.6.128 or later, 6.12.75 or later, 6.18.16 or later, 6.19.6 or later, or 7.0-rc1 and later. Distributions including Debian, Ubuntu, Red Hat, and others have released kernel security updates addressing this issue; check your distribution's security advisories. Until kernel upgrade is completed, restrict or disable NTFS file system mounting on systems processing untrusted media, enforce mount restrictions via AppArmor or SELinux policies to limit ntfs3 driver access, and disable ntfs3 kernel module loading via modprobe blacklist if NTFS support is not required. Monitor kernel logs for evidence of hangs or infinite loops triggered by NTFS mount attempts. See kernel.org stable commit references at https://git.kernel.org/stable for detailed patch information.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.19.6-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71267 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy