Linux Kernel NTFS3 File System Infinite Loop Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's NTFS3 file system. The issue arises when a malformed NTFS image contains an ATTR_LIST attribute with a zero data size, prompting the driver to allocate memory for it. This creates an inconsistent state where the attribute list size is zero, but the list itself is non-null. Consequently, the system enters an infinite loop, repeatedly processing the primary Master File Table record without completion, effectively hanging the kernel thread.

Impact

Exploitation of this vulnerability leads to an infinite loop condition, causing the kernel thread to hang indefinitely and disrupting normal system operations.

Reproduction

To reproduce this vulnerability, mount a malformed NTFS image that includes an ATTR_LIST attribute with a data size of zero. The NTFS3 file system will enter an infinite loop during the attribute enumeration process, causing the mount operation to hang indefinitely.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.