
CVE-2025-71265

Published: March 18, 2026 · Updated: Mar 18, 2026

EPSS: 0.04% probability of exploitation in 30 days · Percentile: 11.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata

We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. However, this creates a problem when there is metadata inconsistency, where the attribute header claims to be empty (evcn=-1) but the caller expects to read actual data. When run_unpack() immediately returns success upon seeing this condition, it leaves the runs_tree uninitialized with run->runs as a NULL. The calling function attr_load_runs_range() assumes that a successful return means that the runs were loaded and sets clen to 0, expecting the next run_lookup_entry() call to succeed. Because runs_tree remains uninitialized, run_lookup_entry() continues to fail, and the loop increments vcn by zero (vcn += 0), leading to an infinite loop.

This patch adds a retry counter to detect when run_lookup_entry() fails consecutively after attr_load_runs_vcn(). If the run is still not found on the second attempt, it indicates corrupted metadata and returns -EINVAL, preventing the Denial-of-Service (DoS) vulnerability.

NVD Source
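
The loop behaviour described above, as a simplified user-space model in C. This is an added example, not the kernel's ntfs3 code or the actual patch. The struct layouts, the helper names `lookup_entry`, `load_runs_vcn` and `load_runs_range`, the `patched` flag and the `budget` cap are assumptions made for illustration; `budget` exists only so the unpatched spin can be observed and still terminate.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define STILL_SPINNING 1   /* sentinel: budget used up while vcn made no progress */
struct attr_hdr  { int64_t svcn, evcn; };              /* header fields named in the description */
struct runs_tree { bool loaded; int64_t first, len; }; /* loaded == false models run->runs == NULL */

/* Stand-in for run_lookup_entry(): fails while no loaded run covers vcn. */
static bool lookup_entry(const struct runs_tree *run, int64_t vcn, int64_t *clen)
{
    if (!run->loaded || vcn < run->first || vcn >= run->first + run->len)
        return false;
    *clen = run->first + run->len - vcn;
    return true;
}

/* Stand-in for attr_load_runs_vcn()/run_unpack(): empty list returns success, tree untouched. */
static int load_runs_vcn(const struct attr_hdr *a, struct runs_tree *run)
{
    if (a->evcn + 1 == a->svcn)
        return 0;
    *run = (struct runs_tree){ true, a->svcn, a->evcn - a->svcn + 1 };
    return 0;
}

/* Model of the attr_load_runs_range() loop over [from, to]. */
static int load_runs_range(const struct attr_hdr *a, int64_t from, int64_t to,
                           bool patched, long budget)
{
    struct runs_tree run = { false, 0, 0 };
    int retry = 0;
    for (int64_t vcn = from; vcn <= to; ) {
        int64_t clen = 0;
        if (budget-- <= 0)
            return STILL_SPINNING;
        if (lookup_entry(&run, vcn, &clen)) {
            retry = 0;
        } else {
            if (patched && retry)   /* second consecutive miss: corrupted metadata */
                return -EINVAL;
            if (load_runs_vcn(a, &run))
                return -EINVAL;
            retry++;                /* clen stays 0, so vcn += 0 below */
        }
        vcn += clen;
    }
    return 0;
}
```

With a consistent header (constructed sample: svcn=0, evcn=7) both variants finish after one reload; with the empty-list header (svcn=0, evcn=-1) only the variant with the retry counter returns, and it returns -EINVAL.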

Technical Analysis

CVE-2025-71265 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2025-71265
Severity: NONE
CISA KEV: No
EPSS (30d): 0.04%
Published: Mar 18, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-71265 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.