Description
In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

We found an infinite loop bug in the ntfs3 file system that can lead to a
Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute
indicates a zero data size while the driver allocates memory for it.

When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set
to zero, it still allocates memory because of al_aligned(0). This creates an
inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is
non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute
list exists and enumerates only the primary MFT record. When it finds
ATTR_LIST, the code reloads it and restarts the enumeration, repeating
indefinitely. The mount operation never completes, hanging the kernel thread.

This patch adds validation to ensure that data_size is non-zero before memory
allocation. When a zero-sized ATTR_LIST is detected, the function returns
-EINVAL, preventing a DoS vulnerability.
Published: 2026-03-18
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via infinite loop in ntfs3 filesystem
Action: Apply Patch
AI Analysis

Impact

An infinite loop bug exists in the Linux kernel’s ntfs3 filesystem driver. When a malformed NTFS image contains an ATTR_LIST attribute with zero data size, the driver still allocates memory for it, which leaves ni->attr_list.size at zero while ni->attr_list.le is non-null. Enumeration then treats the attribute list as absent, finds ATTR_LIST in the primary MFT record, reloads it, and restarts, repeating indefinitely. This causes the mount operation to hang, effectively denying service to the affected volume.
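The reload-and-restart cycle from the description, reduced to a user-space C model with and without the zero-size check. This is an added example, not the kernel's ntfs3 source: `load_attr_list`, `enumerate`, `check_zero`, `max_restarts` and the `REC_*` values are hypothetical names, and the `malloc` call is an assumed stand-in for the kernel allocation.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; field names follow the advisory text. */
struct attr_list { size_t size; void *le; };
enum { REC_ATTR_LIST, REC_DATA, REC_END };

/* Models ntfs_load_attr_list(); check_zero applies the patch's validation. */
static int load_attr_list(struct attr_list *al, size_t data_size, int check_zero)
{
    if (check_zero && data_size == 0)
        return -EINVAL;          /* reject before any allocation */
    free(al->le);
    /* Assumption: stands in for the kernel allocation, which leaves
     * le non-null even when data_size is zero. */
    al->le = malloc(data_size ? data_size : 1);
    if (!al->le) return -ENOMEM;
    al->size = data_size;        /* 0 here with le != NULL: inconsistent */
    return 0;
}

/* Models the enumerate/reload cycle over the primary MFT record.
 * max_restarts is a hypothetical cap; the unpatched driver has none. */
static int enumerate(size_t data_size, int check_zero, int max_restarts, int *restarts)
{
    static const int primary[] = { REC_ATTR_LIST, REC_DATA, REC_END };
    struct attr_list al = { 0, NULL };
    int err = 0;
    *restarts = 0;
restart:
    for (const int *a = primary; *a != REC_END; a++) {
        if (*a != REC_ATTR_LIST || al.size)
            continue;            /* size != 0 is read as "list loaded" */
        err = load_attr_list(&al, data_size, check_zero);
        if (err) break;
        if (++*restarts > max_restarts) { err = -ELOOP; break; }
        goto restart;            /* list reloaded: enumerate again */
    }
    free(al.le);
    return err;
}

int main(void)
{
    int n0, n1, r0 = enumerate(0, 0, 1000, &n0), r1 = enumerate(0, 1, 1000, &n1);
    printf("unpatched rc=%d restarts=%d; patched rc=%d restarts=%d\n", r0, n0, r1, n1);
    return 0;
}
```

With a non-zero `data_size` the model restarts once and completes, because the second pass sees a non-zero size and skips the reload.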

Affected Systems

Any system running a Linux kernel that includes the ntfs3 driver and mounts NTFS volumes is vulnerable. Because the advisory does not list specific kernel versions, all releases before the patch that contain the unmodified ntfs3 code are considered affected. This includes desktop, server, and embedded Linux environments that might automatically mount removable storage devices.

Risk and Exploitability

The exploit probability (EPSS) is below 1% and the vulnerability is not present in CISA’s KEV catalog, indicating a low likelihood of exploitation. The attack vector is inferred to involve an attacker presenting a crafted NTFS image to a system that mounts it, which then triggers the infinite loop and hangs the kernel thread. The impact is limited to denial of service; there is no evidence of privilege escalation or data compromise.

Generated by OpenCVE AI on March 27, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the ntfs3 fix patch
  • If a kernel upgrade cannot be applied immediately, avoid mounting NTFS volumes that could contain untrusted data until the patch is deployed
  • If the vulnerability is triggered, terminate the hung mount process or reboot the system to clear the blocked kernel thread
  • Monitor system logs for repeated mount failures or kernel hangs that may indicate exploitation attempts



Advisories

No advisories yet.

History

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-666

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-758

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-758

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-770

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-770

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-668
CWE-674

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-668
CWE-674

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-382
CWE-681
CWE-682

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-382
CWE-681
CWE-682

Thu, 19 Mar 2026 00:15:00 +0000


Wed, 18 Mar 2026 10:30:00 +0000

Type Values Removed Values Added
Title fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:02:33.359Z

Reserved: 2026-03-17T09:08:18.457Z

Link: CVE-2025-71267

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-18T11:16:15.720

Modified: 2026-03-18T14:52:44.227

Link: CVE-2025-71267

Redhat

Severity :

Public Date: 2026-03-18T00:00:00Z

Links: CVE-2025-71267 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-29T20:29:07Z

Weaknesses