CVE-2025-68771
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-01-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition in ocfs2_find_victim_chain() and panicking the kernel. To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(), just before calling ocfs2_find_victim_chain(), the code block in it being executed when either of the following conditions is true: 1. `cl_next_free_rec` is equal to 0, indicating that there are no free chains in the allocation chain list 2. `cl_next_free_rec` is greater than `cl_count` (the total number of chains in the allocation chain list) Either of them being true is indicative of the fact that there are no chains left for usage. This is addressed using ocfs2_error(), which prints the error log for debugging purposes, rather than panicking the kernel.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-19
Generated
2026-05-27
AI Q&A
2026-01-14
EPSS Evaluated
2026-05-25
NVD
CVE-2025-68771
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle ocfs2 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a kernel BUG in the Linux kernel's ocfs2 filesystem code, specifically in the function ocfs2_find_victim_chain(). It occurs because the cl_next_free_rec field, which indicates the next free slot in the allocation chain list, is 0 or invalid, triggering a kernel panic. The issue arises when there are no free chains left in the allocation chain list, causing the kernel to BUG_ON and crash. The fix involves adding a condition to check if cl_next_free_rec is 0 or greater than the total number of chains (cl_count), and instead of panicking, it logs an error for debugging.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to panic and crash when the ocfs2 filesystem encounters an invalid allocation chain state. This can lead to system instability, potential data loss, and downtime as the kernel stops functioning properly.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart