HOMEVULNERABILITIESCVE-2025-71267
NONE

CVE-2025-71267

Published: March 18, 2026· Updated: Mar 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

We found an infinite loop bug in the ntfs3 file system that can lead to a

Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute

indicates a zero data size while the driver allocates memory for it.

When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set

to zero, it still allocates memory because of al_aligned(0). This creates an

inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is

non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute

list exists and enumerates only the primary MFT record. When it finds

ATTR_LIST, the code reloads it and restarts the enumeration, repeating

indefinitely. The mount operation never completes, hanging the kernel thread.

This patch adds validation to ensure that data_size is non-zero before memory

allocation. When a zero-sized ATTR_LIST is detected, the function returns

-EINVAL, preventing a DoS vulnerability.

NVD Source

Technical Analysis

CVE-2025-71267 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (7)

Quick Facts

CVE IDCVE-2025-71267
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMar 18, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-71267 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.