#VU124211 Loop with Unreachable Exit Condition ('Infinite Loop') in Linux kernel - CVE-2025-71267
Published: March 20, 2026
Vulnerability identifier: #VU124211
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-71267
CWE-ID: CWE-835
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to an infinite loop in the ntfs3 file system driver when processing a malformed NTFS image with a zero-sized ATTR_LIST attribute. A local attacker can mount a specially crafted NTFS image to cause a denial of service.
The attacker needs physical or local access to insert or mount the malicious NTFS image; no authentication beyond mounting the filesystem is required. The system becomes unresponsive during mount due to an infinite loop in kernel space.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d
- https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68
- https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354
- https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e
- https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c
- https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f
- https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2