CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR LIST

We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an ATTR LIST attribute indicates a zero data size while the driver allocates memory for it.

When ntfs load attr list() processes a resident ATTR LIST with data size set to zero, it still allocates memory because of al aligned(0). This creates an inconsistent state where ni->attr list.size is zero, but ni->attr list.le is non-null. This causes ni enum attr ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread.

This patch adds validation to ensure that data size is non-zero before memory allocation. When a zero-sized ATTR LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.