CVE-2025-71266

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A specially crafted dentry within the ntfs3 filesystem can cause the kernel to hang during lookup operations. An attacker can manipulate the HAS SUB NODE flag in an INDEX ENTRY and the VCN pointer to cause the indx find() function to repeatedly read the same block, allocating 4 KB of memory each time. The kernel lacks VCN loop detection and depth limits, leading to memory exhaustion and an Out-of-Memory (OOM) crash. The issue stems from the absence of a return value check for fnd push(), which can result in infinite loops. The fnd push() function returns -EINVAL when the index exceeds the size of the fnd->nodes array, but the indx find() function did not previously check this return value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.