Vulnerability-Lookup

CVE-2025-71267 (GCVE-0-2025-71267)

Vulnerability from cvelistv5 – Published: 2026-03-18 10:05 – Updated: 2026-03-18 16:21

Title

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

Summary

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it. When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread. This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9267d99fade76d44d…
	https://git.kernel.org/stable/c/976e6a7c51fabf150…
	https://git.kernel.org/stable/c/8d8c70b57dbeda3eb…
	https://git.kernel.org/stable/c/7ef219656febf5ae0…
	https://git.kernel.org/stable/c/9779a6eaaabdf47aa…
	https://git.kernel.org/stable/c/fd508939dbca5ecee…
	https://git.kernel.org/stable/c/06909b2549d631a47…

Impacted products

Vendor

Product

Version

Linux

Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < 9267d99fade76d44d4a133599524031fe684156e (git)
Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < 976e6a7c51fabf150478decbe8ef5d9a26039b7c (git)
Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < 8d8c70b57dbeda3eb165c0940b97e85373ca9354 (git)
Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < 7ef219656febf5ae06ae56b1fce47ebd05f92b68 (git)
Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < 9779a6eaaabdf47aa57910d352b398ad742e6a5f (git)
Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < fd508939dbca5eceefb2d0c2564beb15469572f2 (git)
Affected: be71b5cba2e6485e8959da7a9f9a44461a1bb074 , < 06909b2549d631a47fcda249d34be26f7ca1711d (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.202 , ≤ 5.15.* (semver)
Unaffected: 6.1.165 , ≤ 6.1.* (semver)
Unaffected: 6.6.128 , ≤ 6.6.* (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.16 , ≤ 6.18.* (semver)
Unaffected: 6.19.6 , ≤ 6.19.* (semver)
Unaffected: 7.0-rc1 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/attrlist.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9267d99fade76d44d4a133599524031fe684156e",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            },
            {
              "lessThan": "976e6a7c51fabf150478decbe8ef5d9a26039b7c",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            },
            {
              "lessThan": "8d8c70b57dbeda3eb165c0940b97e85373ca9354",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            },
            {
              "lessThan": "7ef219656febf5ae06ae56b1fce47ebd05f92b68",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            },
            {
              "lessThan": "9779a6eaaabdf47aa57910d352b398ad742e6a5f",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            },
            {
              "lessThan": "fd508939dbca5eceefb2d0c2564beb15469572f2",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            },
            {
              "lessThan": "06909b2549d631a47fcda249d34be26f7ca1711d",
              "status": "affected",
              "version": "be71b5cba2e6485e8959da7a9f9a44461a1bb074",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/attrlist.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0-rc1",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\nindicates a zero data size while the driver allocates memory for it.\n\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\nto zero, it still allocates memory because of al_aligned(0). This creates an\ninconsistent state where ni-\u003eattr_list.size is zero, but ni-\u003eattr_list.le is\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\nlist exists and enumerates only the primary MFT record. When it finds\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\nindefinitely. The mount operation never completes, hanging the kernel thread.\n\nThis patch adds validation to ensure that data_size is non-zero before memory\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\n-EINVAL, preventing a DoS vulnerability."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T16:21:46.805Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e"
        },
        {
          "url": "https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68"
        },
        {
          "url": "https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d"
        }
      ],
      "title": "fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71267",
    "datePublished": "2026-03-18T10:05:04.008Z",
    "dateReserved": "2026-03-17T09:08:18.457Z",
    "dateUpdated": "2026-03-18T16:21:46.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-71267\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-18T11:16:15.720\",\"lastModified\":\"2026-03-18T14:52:44.227\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\\n\\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\\nDenial-of-Service (DoS) condition.\\n\\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\\nindicates a zero data size while the driver allocates memory for it.\\n\\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\\nto zero, it still allocates memory because of al_aligned(0). This creates an\\ninconsistent state where ni-\u003eattr_list.size is zero, but ni-\u003eattr_list.le is\\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\\nlist exists and enumerates only the primary MFT record. When it finds\\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\\nindefinitely. The mount operation never completes, hanging the kernel thread.\\n\\nThis patch adds validation to ensure that data_size is non-zero before memory\\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\\n-EINVAL, preventing a DoS vulnerability.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2025-71267

Vulnerability from fkie_nvd - Published: 2026-03-18 11:16 - Updated: 2026-03-18 14:52

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\nindicates a zero data size while the driver allocates memory for it.\n\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\nto zero, it still allocates memory because of al_aligned(0). This creates an\ninconsistent state where ni-\u003eattr_list.size is zero, but ni-\u003eattr_list.le is\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\nlist exists and enumerates only the primary MFT record. When it finds\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\nindefinitely. The mount operation never completes, hanging the kernel thread.\n\nThis patch adds validation to ensure that data_size is non-zero before memory\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\n-EINVAL, preventing a DoS vulnerability."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfs: ntfs3: corrige bucle infinito provocado por ATTR_LIST de tama\u00f1o cero\n\nSe encontr\u00f3 un error de bucle infinito en el sistema de archivos ntfs3 que puede llevar a una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS).\n\nUna imagen NTFS malformada puede causar un bucle infinito cuando un atributo ATTR_LIST indica un tama\u00f1o de datos cero mientras el controlador asigna memoria para ello.\n\nCuando ntfs_load_attr_list() procesa un ATTR_LIST residente con data_size establecido en cero, todav\u00eda asigna memoria debido a al_aligned(0). Esto crea un estado inconsistente donde ni-\u0026gt;attr_list.size es cero, pero ni-\u0026gt;attr_list.le no es nulo. Esto hace que ni_enum_attr_ex asuma incorrectamente que no existe ninguna lista de atributos y enumere solo el registro MFT primario. Cuando encuentra ATTR_LIST, el c\u00f3digo lo recarga y reinicia la enumeraci\u00f3n, repiti\u00e9ndose indefinidamente. La operaci\u00f3n de montaje nunca se completa, colgando el hilo del kernel.\n\nEste parche a\u00f1ade validaci\u00f3n para asegurar que data_size no sea cero antes de la asignaci\u00f3n de memoria. Cuando se detecta un ATTR_LIST de tama\u00f1o cero, la funci\u00f3n devuelve -EINVAL, previniendo una vulnerabilidad de DoS."
    }
  ],
  "id": "CVE-2025-71267",
  "lastModified": "2026-03-18T14:52:44.227",
  "metrics": {},
  "published": "2026-03-18T11:16:15.720",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

MSRC_CVE-2025-71267

Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-27 14:37

Summary

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2025-71267

Vendor Fix 6.6.130.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade https://learn.microsoft.com/en-us/azure/azure-lin…

References

URL

GHSA-J72W-3754-92GG

Vulnerability from github – Published: 2026-03-18 12:31 – Updated: 2026-03-18 12:31

Details

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.

A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it.

When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread.

This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-71267"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-18T11:16:15Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\nindicates a zero data size while the driver allocates memory for it.\n\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\nto zero, it still allocates memory because of al_aligned(0). This creates an\ninconsistent state where ni-\u003eattr_list.size is zero, but ni-\u003eattr_list.le is\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\nlist exists and enumerates only the primary MFT record. When it finds\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\nindefinitely. The mount operation never completes, hanging the kernel thread.\n\nThis patch adds validation to ensure that data_size is non-zero before memory\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\n-EINVAL, preventing a DoS vulnerability.",
  "id": "GHSA-j72w-3754-92gg",
  "modified": "2026-03-18T12:31:52Z",
  "published": "2026-03-18T12:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71267"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2026-AVI-0341

Vulnerability from certfr_avis - Published: 2026-03-23 - Updated: 2026-03-23

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	azl3 libexif 0.6.24-1 versions antérieures à 0.6.24-2
Microsoft	N/A	azl3 kernel 6.6.126.1-1 versions antérieures à 6.6.129.1-1
Microsoft	N/A	azl3 nghttp2 1.61.0-2 versions antérieures à 1.61.0-3
Microsoft	N/A	azl3 pyOpenSSL 24.2.1-1 versions antérieures à 24.2.1-2

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-27448	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71265	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23243	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-27135	2026-03-20	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23241	2026-03-18	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71267	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23266	2026-03-20	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23259	2026-03-20	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23267	2026-03-20	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23248	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23233	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71239	2026-03-18	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-32775	2026-03-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71266	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-27459	2026-03-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23242	2026-03-19	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 libexif 0.6.24-1 versions ant\u00e9rieures \u00e0 0.6.24-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.126.1-1 versions ant\u00e9rieures \u00e0 6.6.129.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nghttp2 1.61.0-2 versions ant\u00e9rieures \u00e0 1.61.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 pyOpenSSL 24.2.1-1 versions ant\u00e9rieures \u00e0 24.2.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-27135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
    },
    {
      "name": "CVE-2025-71265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71265"
    },
    {
      "name": "CVE-2025-71239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71239"
    },
    {
      "name": "CVE-2026-32775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32775"
    },
    {
      "name": "CVE-2025-71267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71267"
    },
    {
      "name": "CVE-2026-23267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23267"
    },
    {
      "name": "CVE-2026-23259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23259"
    },
    {
      "name": "CVE-2026-23243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
    },
    {
      "name": "CVE-2026-23242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
    },
    {
      "name": "CVE-2026-27459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
    },
    {
      "name": "CVE-2026-27448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
    },
    {
      "name": "CVE-2026-23233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23233"
    },
    {
      "name": "CVE-2026-23266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23266"
    },
    {
      "name": "CVE-2025-71266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71266"
    },
    {
      "name": "CVE-2026-23241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23241"
    },
    {
      "name": "CVE-2026-23248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23248"
    }
  ],
  "initial_release_date": "2026-03-23T00:00:00",
  "last_revision_date": "2026-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0341",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27448",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27448"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71265",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71265"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23243",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23243"
    },
    {
      "published_at": "2026-03-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27135",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27135"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23241",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23241"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71267"
    },
    {
      "published_at": "2026-03-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23266"
    },
    {
      "published_at": "2026-03-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23259",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23259"
    },
    {
      "published_at": "2026-03-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23267"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23248"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23233",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23233"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71239",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71239"
    },
    {
      "published_at": "2026-03-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32775",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32775"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71266"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27459",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27459"
    },
    {
      "published_at": "2026-03-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23242"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-71267 (GCVE-0-2025-71267)

FKIE_CVE-2025-71267

MSRC_CVE-2025-71267

GHSA-J72W-3754-92GG

CERTFR-2026-AVI-0341

Solutions

Tags

Sightings

Nomenclature