FKIE_CVE-2025-71312

Vulnerability from fkie_nvd - Published: 2026-05-27 14:16 - Updated: 2026-05-27 14:48
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() In ntfs_fill_super(), the fc->fs_private pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfs_fs_free() to skip freeing the ntfs_mount_options structure. This results in a kmemleak report: unreferenced object 0xff1100015378b800 (size 32): comm "mount", pid 582, jiffies 4294890685 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ed ff ed ff 00 04 00 00 ................ backtrace (crc ed541d8c): __kmalloc_cache_noprof+0x424/0x5a0 __ntfs_init_fs_context+0x47/0x590 alloc_fs_context+0x5d8/0x960 __x64_sys_fsopen+0xb1/0x190 do_syscall_64+0x50/0x1f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e This issue can be reproduced using the following commands: fallocate -l 100M test.file mount test.file /tmp/test Since sbi->options is duplicated from fc->fs_private and does not directly use the memory allocated for fs_private, it is unnecessary to set fc->fs_private to NULL. Additionally, this patch simplifies the code by utilizing the helper function put_mount_options() instead of open-coding the cleanup logic.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dac871d833b09495198dcac81d2ebaa8db11acbc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f7edab0cee03a1cbe0e55a7bcab8d2d8b6b74278
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()\n\nIn ntfs_fill_super(), the fc-\u003efs_private pointer is set to NULL without\nfirst freeing the memory it points to. This causes the subsequent call to\nntfs_fs_free() to skip freeing the ntfs_mount_options structure.\n\nThis results in a kmemleak report:\n\n  unreferenced object 0xff1100015378b800 (size 32):\n    comm \"mount\", pid 582, jiffies 4294890685\n    hex dump (first 32 bytes):\n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n      00 00 00 00 00 00 00 00 ed ff ed ff 00 04 00 00  ................\n    backtrace (crc ed541d8c):\n      __kmalloc_cache_noprof+0x424/0x5a0\n      __ntfs_init_fs_context+0x47/0x590\n      alloc_fs_context+0x5d8/0x960\n      __x64_sys_fsopen+0xb1/0x190\n      do_syscall_64+0x50/0x1f0\n      entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis issue can be reproduced using the following commands:\n        fallocate -l 100M test.file\n        mount test.file /tmp/test\n\nSince sbi-\u003eoptions is duplicated from fc-\u003efs_private and does not\ndirectly use the memory allocated for fs_private, it is unnecessary to\nset fc-\u003efs_private to NULL.\n\nAdditionally, this patch simplifies the code by utilizing the helper\nfunction put_mount_options() instead of open-coding the cleanup logic."
    }
  ],
  "id": "CVE-2025-71312",
  "lastModified": "2026-05-27T14:48:31.480",
  "metrics": {},
  "published": "2026-05-27T14:16:43.763",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dac871d833b09495198dcac81d2ebaa8db11acbc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f7edab0cee03a1cbe0e55a7bcab8d2d8b6b74278"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.