In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.
A malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute indicates a zero data size while the driver allocates memory for it.
When ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, it still allocates memory because of al_aligned(0). This creates an inconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is non-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute list exists and enumerates only the primary MFT record. When it finds ATTR_LIST, the code reloads it and restarts the enumeration, repeating indefinitely. The mount operation never completes, hanging the kernel thread.
This patch adds validation to ensure that data_size is non-zero before memory allocation. When a zero-sized ATTR_LIST is detected, the function returns -EINVAL, preventing a DoS vulnerability.
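The inconsistent state described above, as an added userspace model in C (not the kernel's code and not part of the original commit). `model_load_attr_list`, `model_mount`, the `check_size` switch and the `max_restarts` bound are hypothetical names introduced here; the bound exists only so the model terminates.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified stand-in for ni->attr_list: a buffer pointer plus its length. */
struct attr_list_model { const void *le; size_t size; };

/* Stands in for the non-NULL pointer a zero-size allocation yields (assumption). */
static char zero_len_buf[1];

/* Loader model. check_size == 0 follows the pre-fix behaviour the text
 * describes; check_size != 0 adds the data_size validation from the patch. */
static int model_load_attr_list(struct attr_list_model *al, const void *data,
                                size_t data_size, int check_size)
{
    if (al->size)
        return 0;                      /* list already loaded */
    if (check_size && !data_size)
        return -EINVAL;                /* reject zero-sized ATTR_LIST */
    al->le = data_size ? data : zero_len_buf;
    al->size = data_size;              /* size stays 0 while le is non-NULL */
    return 0;
}

/* Enumeration model: returns the number of restarts needed, a negative
 * load error, or -ELOOP when the model-only restart budget runs out. */
static int model_mount(size_t data_size, int check_size, int max_restarts)
{
    static const char payload[32];     /* constructed sample list contents */
    struct attr_list_model al = { 0 };

    for (int restarts = 0; restarts <= max_restarts; restarts++) {
        if (al.size)
            return restarts;           /* list in use, enumeration proceeds */
        /* size == 0: only the primary record is walked, ATTR_LIST is
         * found there, so the list is (re)loaded and the walk restarts. */
        int err = model_load_attr_list(&al, payload, data_size, check_size);
        if (err)
            return err;
    }
    return -ELOOP;                     /* the real loop has no such bound */
}

int main(void)
{
    /* Pre-fix: restart budget exhausted. Post-fix: rejected up front. */
    return !(model_mount(0, 0, 8) == -ELOOP && model_mount(0, 1, 8) == -EINVAL);
}
```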
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71267.json",
"cna_assigner": "Linux"
}