
CVE-2025-71312

Published: May 27, 2026 · Updated: May 27, 2026

Official Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()

In ntfs_fill_super(), the fc->fs_private pointer is set to NULL without
first freeing the memory it points to. This causes the subsequent call to
ntfs_fs_free() to skip freeing the ntfs_mount_options structure.

This results in a kmemleak report:

  unreferenced object 0xff1100015378b800 (size 32):
    comm "mount", pid 582, jiffies 4294890685
    hex dump (first 32 bytes):
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      00 00 00 00 00 00 00 00 ed ff ed ff 00 04 00 00 ................
    backtrace (crc ed541d8c):
      __kmalloc_cache_noprof+0x424/0x5a0
      __ntfs_init_fs_context+0x47/0x590
      alloc_fs_context+0x5d8/0x960
      __x64_sys_fsopen+0xb1/0x190
      do_syscall_64+0x50/0x1f0
      entry_SYSCALL_64_after_hwframe+0x76/0x7e

This issue can be reproduced using the following commands:

  fallocate -l 100M test.file
  mount test.file /tmp/test

Since sbi->options is duplicated from fc->fs_private and does not
directly use the memory allocated for fs_private, it is unnecessary to
set fc->fs_private to NULL.

Additionally, this patch simplifies the code by utilizing the helper
function put_mount_options() instead of open-coding the cleanup logic.

NVD Source
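
The ownership mistake in the description above, as a simplified userspace C model added here for illustration (it is not the kernel's code or the upstream patch). The struct and function names are hypothetical stand-ins for fc->fs_private, sbi->options, ntfs_fill_super() and ntfs_fs_free(), and an allocation counter stands in for kmemleak.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified userspace model. All names are hypothetical stand-ins,
 * and live_allocs plays the role kmemleak plays in the kernel. */
struct mount_options { int flags; };
struct fs_context { struct mount_options *fs_private; };
struct sb_info { struct mount_options *options; };

static int live_allocs; /* allocations not yet freed */

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (!p) abort();
    live_allocs++;
    return p;
}
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for ntfs_fill_super(): sbi gets its own duplicate of the options. */
static void model_fill_super(struct fs_context *fc, struct sb_info *sbi, int buggy) {
    sbi->options = tracked_alloc(sizeof(*sbi->options));
    memcpy(sbi->options, fc->fs_private, sizeof(*sbi->options));
    if (buggy)
        fc->fs_private = NULL; /* pointer cleared, original never freed */
}

/* Stand-in for ntfs_fs_free(): can only free what fs_private still points to. */
static void model_fs_free(struct fs_context *fc) {
    tracked_free(fc->fs_private);
    fc->fs_private = NULL;
}

/* Runs one mount/teardown cycle and returns the number of leaked allocations. */
int leaked_after_mount_cycle(int buggy) {
    struct fs_context fc = {0};
    struct sb_info sbi = {0};
    live_allocs = 0;
    fc.fs_private = tracked_alloc(sizeof(*fc.fs_private)); /* context init */
    model_fill_super(&fc, &sbi, buggy);
    model_fs_free(&fc);        /* context teardown */
    tracked_free(sbi.options); /* superblock teardown frees its own copy */
    return live_allocs;
}

int main(void) {
    printf("NULL assignment kept:    %d leaked\n", leaked_after_mount_cycle(1));
    printf("NULL assignment removed: %d leaked\n", leaked_after_mount_cycle(0));
    return 0;
}
```

Because the superblock side holds a duplicate rather than the original allocation, clearing the context pointer transfers nothing; it only hides the allocation from the teardown path.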

Technical Analysis

CVE-2025-71312 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2025-71312
Severity: NONE
CISA KEV: No
Published: May 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-71312 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.