
CVE-2025-71266

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: check return value of indx_find to avoid infinite loop

We found an infinite loop bug in the ntfs3 file system that can lead to a
Denial-of-Service (DoS) condition.

A malformed dentry in the ntfs3 filesystem can cause the kernel to hang
during the lookup operations. By setting the HAS_SUB_NODE flag in an
INDEX_ENTRY within a directory's INDEX_ALLOCATION block and manipulating the
VCN pointer, an attacker can cause the indx_find() function to repeatedly
read the same block, allocating 4 KB of memory each time. The kernel lacks
VCN loop detection and depth limits, causing memory exhaustion and an OOM
crash.

This patch adds a return value check for fnd_push() to prevent a memory
exhaustion vulnerability caused by infinite loops. When the index exceeds the
size of the fnd->nodes array, fnd_push() returns -EINVAL. The indx_find()
function checks this return value and stops processing, preventing further
memory allocation.
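
The following simplified user-space model of the bounded descent described above is an added example, not the kernel's ntfs3 code. The names `push`, `descend`, `MAX_DEPTH` and `NO_SUB`, the stack capacity of 20 and both sample images are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DEPTH 20   /* assumed stack capacity for this model */
#define NO_SUB   (-1)  /* constructed marker: entry without HAS_SUB_NODE */

struct block  { int sub_vcn; };                     /* model: only the sub-node VCN */
struct finder { int level; int nodes[MAX_DEPTH]; }; /* VCNs visited on the way down */

/* Mirrors the behaviour described for fnd_push(): refuse when the stack is full. */
static int push(struct finder *f, int vcn)
{
    if (f->level < 0 || f->level >= MAX_DEPTH)
        return -EINVAL;
    f->nodes[f->level++] = vcn;
    return 0;
}

/* Follow sub-node pointers from root. Returns the depth reached or -EINVAL;
 * *reads counts block reads (one 4 KB buffer each in the scenario described). */
static int descend(const struct block *disk, int nblocks, int root, int *reads)
{
    struct finder f = { 0 };
    *reads = 0;
    for (int vcn = root; vcn != NO_SUB; vcn = disk[vcn].sub_vcn) {
        if (vcn < 0 || vcn >= nblocks)
            return -EINVAL;          /* pointer outside the image */
        (*reads)++;
        int err = push(&f, vcn);
        if (err)
            return err;              /* the check the fix adds: stop descending */
    }
    return f.level;
}

/* Constructed images: a 3-level chain, and one whose block 1 points to itself. */
static const struct block good_img[] = { {1}, {2}, {NO_SUB} };
static const struct block loop_img[] = { {1}, {1} };

int main(void)
{
    int reads, rc = descend(good_img, 3, 0, &reads);
    printf("good: rc=%d reads=%d\n", rc, reads);
    rc = descend(loop_img, 2, 0, &reads);
    printf("loop: rc=%d reads=%d\n", rc, reads);
    return 0;
}
```

If the return value of `push` is ignored, the self-referencing image never terminates, which is the unbounded read-and-allocate pattern the description reports.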

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Less than | Status |
|---|---|---|
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | 14c3188afbedfd5178bbabb8002487ea14b37b56 | affected |
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | 435d34719db0e130f6f0c621d67ed524cc1a7d10 | affected |
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | 68e32694be231c1cdb99b7637a657314e88e1a96 | affected |
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | 398e768d1accd1f5645492ab996005d7aa84a5b0 | affected |
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | b0ea441f44ce64fa514a415d4a9e6e2b06e7946c | affected |
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | 0ad7a1be44479503dbe5c699759861ef5b8bd70c | affected |
| 82cae269cfa953032fbb8980a7d554d60fb00b17 | 1732053c8a6b360e2d5afb1b34fe9779398b072c | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Range bound | Status |
|---|---|---|
| 5.15 | | affected |
| 0 | < 5.15 | unaffected |
| 5.15.202 | <= 5.15.* | unaffected |
| 6.1.165 | <= 6.1.* | unaffected |
| 6.6.128 | <= 6.6.* | unaffected |
| 6.12.75 | <= 6.12.* | unaffected |
| 6.18.16 | <= 6.18.* | unaffected |
| 6.19.6 | <= 6.19.* | unaffected |
| 7.0-rc1 | <= * | unaffected |

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.095 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|

No CWE information has been published yet.