VDB

DEBIAN-CVE-2025-71265

DEBIAN-CVE-2025-71265 PUBLISHED CVSS 8.699999809265137 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. However, this creates a problem when there is metadata inconsistency, where the attribute header claims to be empty (evcn=-1) but the caller expects to read actual data. When run_unpack() immediately returns success upon seeing this condition, it leaves the runs_tree uninitialized with run->runs as a NULL. The calling function attr_load_runs_range() assumes that a successful return means that the runs were loaded and sets clen to 0, expecting the next run_lookup_entry() call to succeed. Because runs_tree remains uninitialized, run_lookup_entry() continues to fail, and the loop increments vcn by zero (vcn += 0), leading to an infinite loop. This patch adds a retry counter to detect when run_lookup_entry() fails consecutively after attr_load_runs_vcn(). If the run is still not found on the second attempt, it indicates corrupted metadata and returns -EINVAL, preventing the Denial-of-Service (DoS) vulnerability.

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:12linux6.7.12-1, *, 6.12.11-1
Debian:14linux6.18.15-1, 6.12.41-1, 6.12.43-1~bpo12+1
Debian:11linux-6.16.1.159-1, 6.1.162-1, 6.1.164-1
Debian:13linux6.12.38-1, 6.12.41-1, 6.12.43-1

Exploit Intelligence

Timeline

  • Mar 18, 2026 CVE Published
  • May 2, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›