CVE-2025-71267 | Linux Kernel up to 6.19.5 ntfs3 ntfs_load_attr_list denial of service
VulDBArchived Mar 18, 2026✓ Full text saved
A vulnerability was found in Linux Kernel up to 6.19.5 . It has been rated as critical . This vulnerability affects the function ntfs_load_attr_list of the component ntfs3 . Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-71267 . The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-351520 · CVE-2025-71267 · EUVD-2025-208821
LINUX KERNEL UP TO 6.19.5 NTFS3 NTFS_LOAD_ATTR_LIST DENIAL OF SERVICE
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
5.5 $0-$5k 0.67+
Summaryinfo
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.19.5. This issue affects the function ntfs_load_attr_list of the component ntfs3. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2025-71267. No exploit is available. It is advisable to upgrade the affected component.
Detailsinfo
A vulnerability was found in Linux Kernel up to 6.19.5. It has been declared as critical. This vulnerability affects the function ntfs_load_attr_list of the component ntfs3. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it. When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread. This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.
The advisory is shared for download at git.kernel.org. This vulnerability was named CVE-2025-71267 since 03/17/2026. There are known technical details, but no exploit is available.
Upgrading to version 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6 or 7.0-rc1 eliminates this vulnerability. Applying the patch 9267d99fade76d44d4a133599524031fe684156e/976e6a7c51fabf150478decbe8ef5d9a26039b7c/8d8c70b57dbeda3eb165c0940b97e85373ca9354/7ef219656febf5ae06ae56b1fce47ebd05f92b68/9779a6eaaabdf47aa57910d352b398ad742e6a5f/fd508939dbca5eceefb2d0c2564beb15469572f2/06909b2549d631a47fcda249d34be26f7ca1711d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-208821).
Productinfo
Type
Operating System
Vendor
Linux
Name
Kernel
Version
5.15.201
6.1.164
6.6.127
6.12.0
6.12.1
6.12.2
6.12.3
6.12.4
6.12.5
6.12.6
6.12.7
6.12.8
6.12.9
6.12.10
6.12.11
6.12.12
6.12.13
6.12.14
6.12.15
6.12.16
6.12.17
6.12.18
6.12.19
6.12.20
6.12.21
6.12.22
6.12.23
6.12.24
6.12.25
6.12.26
6.12.27
6.12.28
6.12.29
6.12.30
6.12.31
6.12.32
6.12.33
6.12.34
6.12.35
6.12.36
6.12.37
6.12.38
6.12.39
6.12.40
6.12.41
6.12.42
6.12.43
6.12.44
6.12.45
6.12.46
6.12.47
6.12.48
6.12.49
6.12.50
6.12.51
6.12.52
6.12.53
6.12.54
6.12.55
6.12.56
6.12.57
6.12.58
6.12.59
6.12.60
6.12.61
6.12.62
6.12.63
6.12.64
6.12.65
6.12.66
6.12.67
6.12.68
6.12.69
6.12.70
6.12.71
6.12.72
6.12.73
6.12.74
6.18.0
6.18.1
6.18.2
6.18.3
6.18.4
6.18.5
6.18.6
6.18.7
6.18.8
6.18.9
6.18.10
6.18.11
6.18.12
6.18.13
6.18.14
6.18.15
6.19.0
6.19.1
6.19.2
6.19.3
6.19.4
6.19.5
License
open-source
Website
Vendor: https://www.kernel.org/
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 5.7
VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Denial of service
CWE: CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: Kernel 5.15.202/6.1.165/6.6.128/6.12.75/6.18.16/6.19.6/7.0-rc1
Patch: 9267d99fade76d44d4a133599524031fe684156e/976e6a7c51fabf150478decbe8ef5d9a26039b7c/8d8c70b57dbeda3eb165c0940b97e85373ca9354/7ef219656febf5ae06ae56b1fce47ebd05f92b68/9779a6eaaabdf47aa57910d352b398ad742e6a5f/fd508939dbca5eceefb2d0c2564beb15469572f2/06909b2549d631a47fcda249d34be26f7ca1711d
Timelineinfo
03/17/2026 CVE reserved
03/18/2026 +1 days Advisory disclosed
03/18/2026 +0 days VulDB entry created
03/18/2026 +0 days VulDB entry last update
Sourcesinfo
Vendor: kernel.org
Advisory: git.kernel.org
Status: Confirmed
CVE: CVE-2025-71267 (🔒)
GCVE (CVE): GCVE-0-2025-71267
GCVE (VulDB): GCVE-100-351520
EUVD: 🔒
Entryinfo
Created: 03/18/2026 11:58
Updated: 03/18/2026 12:52
Changes: 03/18/2026 11:58 (59), 03/18/2026 12:52 (1)
Complete: 🔍
Cache ID: 99:6AC:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸