CVE-2025-71265 | Linux Kernel up to 6.19.5 ntfs3 run_unpack denial of service
VulDBArchived Mar 18, 2026✓ Full text saved
A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.5 . The affected element is the function run_unpack of the component ntfs3 . The manipulation results in denial of service. This vulnerability is reported as CVE-2025-71265 . The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-351523 · CVE-2025-71265 · EUVD-2025-208818
LINUX KERNEL UP TO 6.19.5 NTFS3 RUN_UNPACK DENIAL OF SERVICE
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
5.5 $0-$5k 0.94
Summaryinfo
A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.5. The impacted element is the function run_unpack of the component ntfs3. This manipulation causes denial of service. This vulnerability appears as CVE-2025-71265. There is no available exploit. It is suggested to upgrade the affected component.
Detailsinfo
A vulnerability classified as critical was found in Linux Kernel up to 6.19.5. Affected by this vulnerability is the function run_unpack of the component ntfs3. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. However, this creates a problem when there is metadata inconsistency, where the attribute header claims to be empty (evcn=-1) but the caller expects to read actual data. When run_unpack() immediately returns success upon seeing this condition, it leaves the runs_tree uninitialized with run->runs as a NULL. The calling function attr_load_runs_range() assumes that a successful return means that the runs were loaded and sets clen to 0, expecting the next run_lookup_entry() call to succeed. Because runs_tree remains uninitialized, run_lookup_entry() continues to fail, and the loop increments vcn by zero (vcn += 0), leading to an infinite loop. This patch adds a retry counter to detect when run_lookup_entry() fails consecutively after attr_load_runs_vcn(). If the run is still not found on the second attempt, it indicates corrupted metadata and returns -EINVAL, preventing the Denial-of-Service (DoS) vulnerability.
It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2025-71265 since 03/17/2026. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6 or 7.0-rc1 eliminates this vulnerability. Applying the patch 6f07a590616ff5f57f7c041d98e463fad9e9f763/a89bc96d5abd8a4a8d5d911884ea347efcdf460b/af839013c70a24779f9d1afb1575952009312d38/78b61f7eac37a63284774b147f38dd0be6cad43c/c0b43c45d45f59e7faad48675a50231a210c379b/3c3a6e951b9b53dab2ac460a655313cf04c4a10a/4b90f16e4bb5607fb35e7802eb67874038da4640 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at EUVD (EUVD-2025-208818) and CERT Bund (WID-SEC-2026-0774).
Affected
Open Source Linux Kernel
Productinfo
Type
Operating System
Vendor
Linux
Name
Kernel
Version
5.15.201
6.1.164
6.6.127
6.12.0
6.12.1
6.12.2
6.12.3
6.12.4
6.12.5
6.12.6
6.12.7
6.12.8
6.12.9
6.12.10
6.12.11
6.12.12
6.12.13
6.12.14
6.12.15
6.12.16
6.12.17
6.12.18
6.12.19
6.12.20
6.12.21
6.12.22
6.12.23
6.12.24
6.12.25
6.12.26
6.12.27
6.12.28
6.12.29
6.12.30
6.12.31
6.12.32
6.12.33
6.12.34
6.12.35
6.12.36
6.12.37
6.12.38
6.12.39
6.12.40
6.12.41
6.12.42
6.12.43
6.12.44
6.12.45
6.12.46
6.12.47
6.12.48
6.12.49
6.12.50
6.12.51
6.12.52
6.12.53
6.12.54
6.12.55
6.12.56
6.12.57
6.12.58
6.12.59
6.12.60
6.12.61
6.12.62
6.12.63
6.12.64
6.12.65
6.12.66
6.12.67
6.12.68
6.12.69
6.12.70
6.12.71
6.12.72
6.12.73
6.12.74
6.18.0
6.18.1
6.18.2
6.18.3
6.18.4
6.18.5
6.18.6
6.18.7
6.18.8
6.18.9
6.18.10
6.18.11
6.18.12
6.18.13
6.18.14
6.18.15
6.19.0
6.19.1
6.19.2
6.19.3
6.19.4
6.19.5
License
open-source
Website
Vendor: https://www.kernel.org/
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 5.7
VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Denial of service
CWE: CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: Kernel 5.15.202/6.1.165/6.6.128/6.12.75/6.18.16/6.19.6/7.0-rc1
Patch: 6f07a590616ff5f57f7c041d98e463fad9e9f763/a89bc96d5abd8a4a8d5d911884ea347efcdf460b/af839013c70a24779f9d1afb1575952009312d38/78b61f7eac37a63284774b147f38dd0be6cad43c/c0b43c45d45f59e7faad48675a50231a210c379b/3c3a6e951b9b53dab2ac460a655313cf04c4a10a/4b90f16e4bb5607fb35e7802eb67874038da4640
Timelineinfo
03/17/2026 CVE reserved
03/18/2026 +1 days Advisory disclosed
03/18/2026 +0 days VulDB entry created
03/18/2026 +0 days VulDB entry last update
Sourcesinfo
Vendor: kernel.org
Advisory: git.kernel.org
Status: Confirmed
CVE: CVE-2025-71265 (🔒)
GCVE (CVE): GCVE-0-2025-71265
GCVE (VulDB): GCVE-100-351523
EUVD: 🔒
CERT Bund: WID-SEC-2026-0774 - Linux Kernel: Mehrere Schwachstellen
Entryinfo
Created: 03/18/2026 11:59
Updated: 03/18/2026 14:48
Changes: 03/18/2026 11:59 (59), 03/18/2026 12:52 (1), 03/18/2026 14:48 (7)
Complete: 🔍
Cache ID: 99:BED:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸