CVE-2025-71266
Received - Intake
Infinite Loop DoS in Linux Kernel ntfs3 Filesystem Lookup

Publication date: 2026-03-18

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: check return value of indx_find to avoid infinite loop

We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed dentry in the ntfs3 filesystem can cause the kernel to hang during the lookup operations. By setting the HAS_SUB_NODE flag in an INDEX_ENTRY within a directory's INDEX_ALLOCATION block and manipulating the VCN pointer, an attacker can cause the indx_find() function to repeatedly read the same block, allocating 4 KB of memory each time. The kernel lacks VCN loop detection and depth limits, causing memory exhaustion and an OOM crash.

This patch adds a return value check for fnd_push() to prevent a memory exhaustion vulnerability caused by infinite loops. When the index exceeds the size of the fnd->nodes array, fnd_push() returns -EINVAL. The indx_find() function checks this return value and stops processing, preventing further memory allocation.
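
The bounded-push check described above, modelled in user-space C as an added example (not kernel code and not part of the original advisory). The model_* names, the MAX_DEPTH value, the NO_CHILD marker and the cap bound are assumptions of this model; only the -EINVAL-on-overflow behaviour is taken from the description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_DEPTH 20          /* assumed nodes[] size for this model */
#define NO_CHILD  UINT64_MAX  /* model marker: entry has no sub-node */
struct model_block { uint64_t child_vcn; };  /* one sub-node pointer per block */
struct model_fnd {
    const struct model_block *nodes[MAX_DEPTH];
    int level;
    size_t blocks_read;       /* stands in for one 4 KB buffer per block read */
};

/* Bounded push: refuses to write past the end of nodes[]. */
static int model_fnd_push(struct model_fnd *fnd, const struct model_block *n)
{
    if (fnd->level < 0 || fnd->level >= MAX_DEPTH)
        return -EINVAL;
    fnd->nodes[fnd->level++] = n;
    return 0;
}

/* check_push=1 stops on a failed push (patched); 0 ignores it. cap: demo-only bound. */
static int model_find(const struct model_block *blk, size_t nblk, uint64_t vcn,
                      int check_push, size_t cap, struct model_fnd *fnd)
{
    while (vcn != NO_CHILD && fnd->blocks_read < cap) {
        if (vcn >= nblk)
            return -EINVAL;
        fnd->blocks_read++;
        if (model_fnd_push(fnd, &blk[vcn]) && check_push)
            return -EINVAL;
        vcn = blk[vcn].child_vcn;
    }
    return vcn == NO_CHILD ? 0 : -ELOOP;
}

/* Constructed input: block 0 names itself as its own sub-node. */
static size_t reads_on_self_loop(int check_push, size_t cap)
{
    const struct model_block img[1] = { { 0 } };
    struct model_fnd fnd = { 0 };
    model_find(img, 1, 0, check_push, cap, &fnd);
    return fnd.blocks_read;
}

int main(void)
{
    printf("checked=%zu unchecked=%zu\n", reads_on_self_loop(1, 4096), reads_on_self_loop(0, 4096));
    return 0;
}
```

With the return value checked, the self-referencing block is abandoned after MAX_DEPTH + 1 reads; with it ignored, reads continue until the demo cap is reached.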
Meta Information
Published: 2026-03-18
Last Modified: 2026-03-18
Generated: 2026-05-07
AI Q&A: 2026-03-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (exc)
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's ntfs3 file system. It is caused by an infinite loop bug in the indx_find() function during directory lookup operations.

An attacker can exploit this by crafting a malformed directory entry (dentry) that sets the HAS_SUB_NODE flag in an INDEX_ENTRY and manipulates the VCN pointer. This causes indx_find() to repeatedly read the same block and allocate 4 KB of memory each time without detecting the loop.

Because the kernel does not have loop detection or depth limits for this operation, it leads to memory exhaustion and an out-of-memory (OOM) crash, effectively causing a Denial-of-Service (DoS) condition.

The vulnerability was fixed by adding a check of the fnd_push() return value: fnd_push() returns -EINVAL when the index exceeds the size of the fnd->nodes array, and indx_find() now checks this value and stops processing, preventing further memory allocation.


How can this vulnerability impact me?

This vulnerability can impact you by causing a Denial-of-Service (DoS) condition on systems running the affected Linux kernel with the ntfs3 file system.

An attacker can exploit the infinite loop bug to cause the kernel to hang and exhaust system memory, leading to an out-of-memory crash.

This can result in system instability, downtime, and potential loss of availability of services or data hosted on the affected system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the patch fixing the infinite loop bug in the ntfs3 filesystem.

The patch makes indx_find() check the return value of fnd_push(), which prevents the memory exhaustion caused by infinite loops triggered by malformed directory entries.

Until the update is applied, avoid mounting or accessing NTFS3 filesystems that could contain malformed directory entries to reduce the risk of triggering the vulnerability.

