CVE-2025-71267

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the ntfs3 file system that can result in a Denial-of-Service (DoS) condition. A specially crafted NTFS image can trigger an infinite loop when processing an ATTR LIST attribute with a zero data size during memory allocation. The ntfs load attr list() function allocates memory even when data size is zero, leading to an inconsistent state where ni->attr list.size is zero, but ni->attr list.le is not null. This causes the ni enum attr ex function to repeatedly reload the attribute list, resulting in an indefinite loop and a hung kernel thread. The issue is addressed by adding validation to ensure data size is non-zero before memory allocation, and returning -EINVAL when a zero-sized ATTR LIST is detected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.