5.5
CVE-2025-71265
- EPSS 0.12%
- Veröffentlicht 18.03.2026 10:05:01
- Zuletzt bearbeitet 20.05.2026 19:43:23
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. However, this creates a problem when there is metadata inconsistency, where the attribute header claims to be empty (evcn=-1) but the caller expects to read actual data. When run_unpack() immediately returns success upon seeing this condition, it leaves the runs_tree uninitialized with run->runs as a NULL. The calling function attr_load_runs_range() assumes that a successful return means that the runs were loaded and sets clen to 0, expecting the next run_lookup_entry() call to succeed. Because runs_tree remains uninitialized, run_lookup_entry() continues to fail, and the loop increments vcn by zero (vcn += 0), leading to an infinite loop. This patch adds a retry counter to detect when run_lookup_entry() fails consecutively after attr_load_runs_vcn(). If the run is still not found on the second attempt, it indicates corrupted metadata and returns -EINVAL, preventing the Denial-of-Service (DoS) vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 5.15.202
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.165
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.128
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.75
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.16
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://git.kernel.org/stable/c/6f07a590616ff5f57f7c041d98e463fad9e9f763
https://git.kernel.org/stable/c/a89bc96d5abd8a4a8d5d911884ea347efcdf460b
https://git.kernel.org/stable/c/af839013c70a24779f9d1afb1575952009312d38
https://git.kernel.org/stable/c/78b61f7eac37a63284774b147f38dd0be6cad43c
https://git.kernel.org/stable/c/c0b43c45d45f59e7faad48675a50231a210c379b
https://git.kernel.org/stable/c/3c3a6e951b9b53dab2ac460a655313cf04c4a10a
https://git.kernel.org/stable/c/4b90f16e4bb5607fb35e7802eb67874038da4640