CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs

CVE-2025-71265 | Linux Kernel up to 6.19.5 ntfs3 run_unpack denial of service

VulDB Archived Mar 18, 2026 ✓ Full text saved

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.5 . The affected element is the function run_unpack of the component ntfs3 . The manipulation results in denial of service. This vulnerability is reported as CVE-2025-71265 . The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

Full text archived locally
✦ AI Summary · Claude Sonnet


    VDB-351523 · CVE-2025-71265 · EUVD-2025-208818 LINUX KERNEL UP TO 6.19.5 NTFS3 RUN_UNPACK DENIAL OF SERVICE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.5 $0-$5k 0.94 Summaryinfo A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.5. The impacted element is the function run_unpack of the component ntfs3. This manipulation causes denial of service. This vulnerability appears as CVE-2025-71265. There is no available exploit. It is suggested to upgrade the affected component. Detailsinfo A vulnerability classified as critical was found in Linux Kernel up to 6.19.5. Affected by this vulnerability is the function run_unpack of the component ntfs3. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is: In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. However, this creates a problem when there is metadata inconsistency, where the attribute header claims to be empty (evcn=-1) but the caller expects to read actual data. When run_unpack() immediately returns success upon seeing this condition, it leaves the runs_tree uninitialized with run->runs as a NULL. The calling function attr_load_runs_range() assumes that a successful return means that the runs were loaded and sets clen to 0, expecting the next run_lookup_entry() call to succeed. Because runs_tree remains uninitialized, run_lookup_entry() continues to fail, and the loop increments vcn by zero (vcn += 0), leading to an infinite loop. This patch adds a retry counter to detect when run_lookup_entry() fails consecutively after attr_load_runs_vcn(). If the run is still not found on the second attempt, it indicates corrupted metadata and returns -EINVAL, preventing the Denial-of-Service (DoS) vulnerability. It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2025-71265 since 03/17/2026. Technical details of the vulnerability are known, but there is no available exploit. Upgrading to version 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6 or 7.0-rc1 eliminates this vulnerability. Applying the patch 6f07a590616ff5f57f7c041d98e463fad9e9f763/a89bc96d5abd8a4a8d5d911884ea347efcdf460b/af839013c70a24779f9d1afb1575952009312d38/78b61f7eac37a63284774b147f38dd0be6cad43c/c0b43c45d45f59e7faad48675a50231a210c379b/3c3a6e951b9b53dab2ac460a655313cf04c4a10a/4b90f16e4bb5607fb35e7802eb67874038da4640 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the databases at EUVD (EUVD-2025-208818) and CERT Bund (WID-SEC-2026-0774). Affected Open Source Linux Kernel Productinfo Type Operating System Vendor Linux Name Kernel Version 5.15.201 6.1.164 6.6.127 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.7 VulDB Meta Temp Score: 5.5 VulDB Base Score: 5.7 VulDB Temp Score: 5.5 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Denial of service CWE: CWE-404 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 5.15.202/6.1.165/6.6.128/6.12.75/6.18.16/6.19.6/7.0-rc1 Patch: 6f07a590616ff5f57f7c041d98e463fad9e9f763/a89bc96d5abd8a4a8d5d911884ea347efcdf460b/af839013c70a24779f9d1afb1575952009312d38/78b61f7eac37a63284774b147f38dd0be6cad43c/c0b43c45d45f59e7faad48675a50231a210c379b/3c3a6e951b9b53dab2ac460a655313cf04c4a10a/4b90f16e4bb5607fb35e7802eb67874038da4640 Timelineinfo 03/17/2026 CVE reserved 03/18/2026 +1 days Advisory disclosed 03/18/2026 +0 days VulDB entry created 03/18/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2025-71265 (🔒) GCVE (CVE): GCVE-0-2025-71265 GCVE (VulDB): GCVE-100-351523 EUVD: 🔒 CERT Bund: WID-SEC-2026-0774 - Linux Kernel: Mehrere Schwachstellen Entryinfo Created: 03/18/2026 11:59 Updated: 03/18/2026 14:48 Changes: 03/18/2026 11:59 (59), 03/18/2026 12:52 (1), 03/18/2026 14:48 (7) Complete: 🔍 Cache ID: 99:BED:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸
    💬 Team Notes
    Article Info
    Source
    VulDB
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Archived
    Mar 18, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗