CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST<br /> <br /> We found an infinite loop bug in the ntfs3 file system that can lead to a<br /> Denial-of-Service (DoS) condition.<br /> <br /> A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute<br /> indicates a zero data size while the driver allocates memory for it.<br /> <br /> When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set<br /> to zero, it still allocates memory because of al_aligned(0). This creates an<br /> inconsistent state where ni-&gt;attr_list.size is zero, but ni-&gt;attr_list.le is<br /> non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute<br /> list exists and enumerates only the primary MFT record. When it finds<br /> ATTR_LIST, the code reloads it and restarts the enumeration, repeating<br /> indefinitely. The mount operation never completes, hanging the kernel thread.<br /> <br /> This patch adds validation to ensure that data_size is non-zero before memory<br /> allocation. When a zero-sized ATTR_LIST is detected, the function returns<br /> -EINVAL, preventing a DoS vulnerability.