CVE-2025-68761
BaseFortify

Publication date: 2026-01-05

Last updated on: 2026-01-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

hfs: fix potential use after free in hfs_correct_next_unused_CNID()

This code calls hfs_bnode_put(node) which drops the refcount and then dereferences "node" on the next line. It's only safe to use "node" when we're holding a reference so flip these two lines around.
Meta Information
Published: 2026-01-05
Last Modified: 2026-01-08
Generated: 2026-05-07
AI Q&A: 2026-01-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in the Linux kernel's HFS filesystem code, specifically in the function hfs_correct_next_unused_CNID(). The code incorrectly calls hfs_bnode_put(node), which decreases the reference count and potentially frees the node, but then continues to dereference the node on the next line without ensuring it is still valid. This can lead to accessing freed memory, causing instability or security issues. The fix involves reordering the code to ensure the node is only used while a valid reference is held.
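
The ordering problem described above, modelled in userspace C as an added example (not the kernel patch and not code from this page). struct bnode, bnode_put() and the value field are hypothetical names, and the last put poisons the node instead of freeing it so the stale read can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>
#define POISON 0x6b6b6b6bu  /* contents of a released node */

/* Userspace model, not kernel code; all names here are hypothetical. */
struct bnode {
    int refcnt;
    bool live;           /* false once the last reference is dropped */
    unsigned int value;  /* hypothetical field the caller reads */
};

/* Last put poisons the node instead of free(): stale reads show without UB. */
static void bnode_put(struct bnode *n)
{
    if (--n->refcnt == 0) {
        n->live = false;
        n->value = POISON;
    }
}

/* Pre-fix ordering: drop the reference, then read the node. */
static unsigned int read_after_put(struct bnode *n, bool *stale)
{
    bnode_put(n);
    *stale = !n->live;   /* in the kernel this read is the use after free */
    return n->value;
}

/* Fixed ordering: read while the reference is held, then drop it. */
static unsigned int read_before_put(struct bnode *n, bool *stale)
{
    unsigned int v = n->value;
    *stale = !n->live;
    bnode_put(n);
    return v;
}

static unsigned int run(bool fixed, bool *stale)
{
    struct bnode n = { .refcnt = 1, .live = true, .value = 42 };
    return fixed ? read_before_put(&n, stale) : read_after_put(&n, stale);
}

int main(void)
{
    bool s1, s2;
    unsigned int a = run(false, &s1), b = run(true, &s2);
    printf("put-then-read: %#x stale=%d\nread-then-put: %#x stale=%d\n", a, s1, b, s2);
    return 0;
}
```

In a real kernel the released memory may be reused by another allocation, so the stale read returns whatever now occupies that slot rather than a recognisable poison value.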


How can this vulnerability impact me?

This vulnerability can lead to use-after-free conditions in the Linux kernel, which may cause system crashes, data corruption, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited. It affects the stability and security of systems running vulnerable versions of the Linux kernel with HFS filesystem support.

