In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper()
In ntfsfillsuper(), the fc->fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree() to skip freeing the ntfsmount_options structure.
This results in a kmemleak report:
unreferenced object 0xff1100015378b800 (size 32): comm "mount", pid 582, jiffies 4294890685 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ed ff ed ff 00 04 00 00 ................ backtrace (crc ed541d8c): __kmalloccachenoprof+0x424/0x5a0 __ntfsinitfscontext+0x47/0x590 allocfs_context+0x5d8/0x960 __x64sysfsopen+0xb1/0x190 dosyscall64+0x50/0x1f0 entrySYSCALL64afterhwframe+0x76/0x7e
This issue can be reproduced using the following commands: fallocate -l 100M test.file mount test.file /tmp/test
Since sbi->options is duplicated from fc->fsprivate and does not directly use the memory allocated for fsprivate, it is unnecessary to set fc->fs_private to NULL.
Additionally, this patch simplifies the code by utilizing the helper function putmountoptions() instead of open-coding the cleanup logic.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71312.json",
"cna_assigner": "Linux"
}