What is CVE-2025-71067?

CVE-2025-71067 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15 onward and patched in 6.1.167, 6.6.120, 6.12.64 and others. CVE-2025-71067 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-71067?

CVE-2025-71067 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-71067?

Yes, CVE-2025-71067 has been patched. Fixed versions include 6.1.167, 6.6.120, 6.12.64 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-71067 actively exploited?

CVE-2025-71067 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-71067

In the Linux kernel, the following vulnerability has been resolved: ntfs: set dummy blocksize to read boot_block when mounting When mounting, sb->s_blocksize is used to read the boot_block without being defined or validated. Set a dummy blocksize before attempting to read the boot_block. The issue can be triggered with the following syz reproducer: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x121403, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40081271, &(0x7f0000000980)=0x4000) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0) syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) Here, the ioctl sets the bdev block size to 16384. During mount, get_tree_bdev_flags() calls sb_set_blocksize(sb, block_size(bdev)), but since block_size(bdev) > PAGE_SIZE, sb_set_blocksize() leaves sb->s_blocksize at zero. Later, ntfs_init_from_boot() attempts to read the boot_block while sb->s_blocksize is still zero, which triggers the bug. [[email protected]: changed comment style, added return value handling]

Package Linux Kernel

Published 2026-01-13

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.15 and later are affected. Fixed in 6.1.167, 6.6.120, 6.12.64, 6.18.3, 6.19 and their respective stable series.

Affected from

≥ 5.15

Fixed in

✓ 6.1.167 6.1.x ✓ 6.6.120 6.6.x ✓ 6.12.64 6.12.x ✓ 6.18.3 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2025-71067 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0c9327c8abf9c8f046e45008bb43d94d8ee5c6c5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/44a38eb4f7876513db5a1bccde74de9bc4389d43
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4fff9a625da958a33191c8553a03283786f9f417
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-71067?

CVE-2025-71067 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 6.1.167, 6.6.120, 6.12.64 and others. CVE-2025-71067 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-71067?

Yes — CVE-2025-71067 has been patched. Fixed versions include 6.1.167, 6.6.120, 6.12.64 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-71067 actively exploited?

No — CVE-2025-71067 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.