SB20260320118 - Loop with Unreachable Exit Condition ('Infinite Loop') in Linux kernel ntfs3
Published: March 20, 2026
Security Bulletin ID
SB20260320118
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-ID: CVE-2025-71266)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the ntfs3 filesystem when handling a malformed dentry during lookup operations. A local attacker can provide a specially crafted NTFS-3 volume to cause a denial of service.
The attacker manipulates the HAS_SUB_NODE flag and VCN pointer in an INDEX_ENTRY, causing the indx_find() function to enter an infinite loop, repeatedly allocating memory until system resources are exhausted.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0ad7a1be44479503dbe5c699759861ef5b8bd70c
- https://git.kernel.org/stable/c/14c3188afbedfd5178bbabb8002487ea14b37b56
- https://git.kernel.org/stable/c/1732053c8a6b360e2d5afb1b34fe9779398b072c
- https://git.kernel.org/stable/c/398e768d1accd1f5645492ab996005d7aa84a5b0
- https://git.kernel.org/stable/c/435d34719db0e130f6f0c621d67ed524cc1a7d10
- https://git.kernel.org/stable/c/68e32694be231c1cdb99b7637a657314e88e1a96
- https://git.kernel.org/stable/c/b0ea441f44ce64fa514a415d4a9e6e2b06e7946c