SB20260320117 - Loop with Unreachable Exit Condition ('Infinite Loop') in Linux kernel ntfs3
Published: March 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-ID: CVE-2025-71267)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to an infinite loop in the ntfs3 file system driver when processing a malformed NTFS image with a zero-sized ATTR_LIST attribute. A local attacker can mount a specially crafted NTFS image to cause a denial of service.
The attacker needs physical or local access to insert or mount the malicious NTFS image; no authentication beyond mounting the filesystem is required. The system becomes unresponsive during mount due to an infinite loop in kernel space.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d
- https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68
- https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354
- https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e
- https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c
- https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f
- https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2