CVE-2025-71312

Source
https://cve.org/CVERecord?id=CVE-2025-71312
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71312.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-71312
Downstream
Published
2026-05-27T12:24:03.532Z
Modified
2026-07-08T07:32:18.286775674Z
Summary
fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper()

In ntfsfillsuper(), the fc->fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree() to skip freeing the ntfsmount_options structure.

This results in a kmemleak report:

unreferenced object 0xff1100015378b800 (size 32): comm "mount", pid 582, jiffies 4294890685 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ed ff ed ff 00 04 00 00 ................ backtrace (crc ed541d8c): __kmalloccachenoprof+0x424/0x5a0 __ntfsinitfscontext+0x47/0x590 allocfs_context+0x5d8/0x960 __x64sysfsopen+0xb1/0x190 dosyscall64+0x50/0x1f0 entrySYSCALL64afterhwframe+0x76/0x7e

This issue can be reproduced using the following commands: fallocate -l 100M test.file mount test.file /tmp/test

Since sbi->options is duplicated from fc->fsprivate and does not directly use the memory allocated for fsprivate, it is unnecessary to set fc->fs_private to NULL.

Additionally, this patch simplifies the code by utilizing the helper function putmountoptions() instead of open-coding the cleanup logic.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71312.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aee4d5a521e94f658e46c904e08a473daa9c8fc0
Fixed
dac871d833b09495198dcac81d2ebaa8db11acbc
Fixed
f7edab0cee03a1cbe0e55a7bcab8d2d8b6b74278

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71312.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71312.json"