-

CVE-2025-71265

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata

We found an infinite loop bug in the ntfs3 file system that can lead to a
Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an attribute header
indicates an empty run list, while directory entries reference it as
containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way
to represent an empty run list, and run_unpack() correctly handles this by
checking if evcn + 1 equals svcn and returning early without parsing any run
data. However, this creates a problem when there is metadata inconsistency,
where the attribute header claims to be empty (evcn=-1) but the caller
expects to read actual data. When run_unpack() immediately returns success
upon seeing this condition, it leaves the runs_tree uninitialized with
run->runs as a NULL. The calling function attr_load_runs_range() assumes
that a successful return means that the runs were loaded and sets clen to 0,
expecting the next run_lookup_entry() call to succeed. Because runs_tree
remains uninitialized, run_lookup_entry() continues to fail, and the loop
increments vcn by zero (vcn += 0), leading to an infinite loop.

This patch adds a retry counter to detect when run_lookup_entry() fails
consecutively after attr_load_runs_vcn(). If the run is still not found on
the second attempt, it indicates corrupted metadata and returns -EINVAL,
preventing the Denial-of-Service (DoS) vulnerability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 6f07a590616ff5f57f7c041d98e463fad9e9f763
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
Version < a89bc96d5abd8a4a8d5d911884ea347efcdf460b
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
Version < af839013c70a24779f9d1afb1575952009312d38
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
Version < 78b61f7eac37a63284774b147f38dd0be6cad43c
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
Version < c0b43c45d45f59e7faad48675a50231a210c379b
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
Version < 3c3a6e951b9b53dab2ac460a655313cf04c4a10a
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
Version < 4b90f16e4bb5607fb35e7802eb67874038da4640
Version be71b5cba2e6485e8959da7a9f9a44461a1bb074
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.15
Status affected
Version < 5.15
Version 0
Status unaffected
Version <= 5.15.*
Version 5.15.202
Status unaffected
Version <= 6.1.*
Version 6.1.165
Status unaffected
Version <= 6.6.*
Version 6.6.128
Status unaffected
Version <= 6.12.*
Version 6.12.75
Status unaffected
Version <= 6.18.*
Version 6.18.16
Status unaffected
Version <= 6.19.*
Version 6.19.6
Status unaffected
Version <= *
Version 7.0-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.111
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.