CVE-2025-71312 Linux CVE debrief

Who should care

Linux system administrators, kernel maintainers, and security teams monitoring for memory exhaustion conditions in systems that mount NTFS filesystems

Technical summary

The NTFS3 filesystem driver in the Linux kernel contains a memory leak in ntfs_fill_super(). The function incorrectly sets fc->fs_private to NULL before the memory it points to (ntfs_mount_options) can be freed. This prevents ntfs_fs_free() from performing cleanup, causing kmemleak-detectable memory leaks during mount operations. The vulnerability is triggered when mounting NTFS filesystems. The fix removes the unnecessary NULL assignment and uses put_mount_options() for proper resource cleanup.

Defensive priority

medium

Recommended defensive actions

• Apply the kernel patch from the stable tree commits to remove the premature NULL assignment and implement proper cleanup using put_mount_options()
• Monitor systems for kmemleak reports indicating unreferenced ntfs_mount_options allocations
• Review custom NTFS mount handling code for similar premature pointer nullification patterns
• Ensure kernel memory leak detection (kmemleak) is enabled in testing environments to catch similar issues

Evidence notes

The vulnerability is documented in the Linux kernel stable tree commits. The kmemleak report shows unreferenced memory allocation during mount operations. The fix removes the premature NULL assignment to fc->fs_private and replaces open-coded cleanup with put_mount_options().

Official resources