CVE-2025-71067

EPSS 0.02%
Veröffentlicht 13.01.2026 15:31:22
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ntfs: set dummy blocksize to read boot_block when mounting

When mounting, sb->s_blocksize is used to read the boot_block without
being defined or validated. Set a dummy blocksize before attempting to
read the boot_block.

The issue can be triggered with the following syz reproducer:

  mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
  r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x121403, 0x0)
  ioctl$FS_IOC_SETFLAGS(r4, 0x40081271, &(0x7f0000000980)=0x4000)
  mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00',
        &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)
  syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)

Here, the ioctl sets the bdev block size to 16384. During mount,
get_tree_bdev_flags() calls sb_set_blocksize(sb, block_size(bdev)),
but since block_size(bdev) > PAGE_SIZE, sb_set_blocksize() leaves
sb->s_blocksize at zero.

Later, ntfs_init_from_boot() attempts to read the boot_block while
sb->s_blocksize is still zero, which triggers the bug.

[almaz.alexandrovich@paragon-software.com: changed comment style, added
return value handling]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 44a38eb4f7876513db5a1bccde74de9bc4389d43

Version 28861e3bbd9e7ac4cd9c811aad71b4d116e27930

Status affected

Version < 4fff9a625da958a33191c8553a03283786f9f417

Version 28861e3bbd9e7ac4cd9c811aad71b4d116e27930

Status affected

Version < b3c151fe8f543f1a0b8b5df16ce5d97afa5ec85a

Version 28861e3bbd9e7ac4cd9c811aad71b4d116e27930

Status affected

Version < d1693a7d5a38acf6424235a6070bcf5b186a360d

Version 28861e3bbd9e7ac4cd9c811aad71b4d116e27930

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/44a38eb4f7876513db5a1bccde74de9bc4389d43

https://git.kernel.org/stable/c/4fff9a625da958a33191c8553a03283786f9f417

https://git.kernel.org/stable/c/b3c151fe8f543f1a0b8b5df16ce5d97afa5ec85a

https://git.kernel.org/stable/c/d1693a7d5a38acf6424235a6070bcf5b186a360d

https://nvd.nist.gov/vuln/detail/CVE-2025-71067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71067

EUVD