-

CVE-2025-68266

EPSS 0.04%
Veröffentlicht 16.12.2025 14:47:06
Zuletzt bearbeitet 19.01.2026 13:16:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bfs: Reconstruct file type when loading from disk

syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted
or when the 32bits "attributes" field loaded from disk are corrupted.

A documentation says that BFS uses only lower 9 bits of the "mode" field.
But I can't find an explicit explanation that the unused upper 23 bits
(especially, the S_IFMT bits) are initialized with 0.

Therefore, ignore the S_IFMT bits of the "mode" field loaded from disk.
Also, verify that the value of the "attributes" field loaded from disk is
either BFS_VREG or BFS_VDIR (because BFS supports only regular files and
the root directory).

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d0c5ec1f57d8fbb953f166a27d9d32473dc8f3e4

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < aeccd6743ee4fdd1ab8cfcbb5b9a20b613418f6d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 8f73336b75bd3457b6f9410f2a0601a238f32238

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < a9f626396bfe66f49b743601e862767928237cc0

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 77899444d46162aeb65f229590c26ba266864223

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < a8cb796e7e2cb7971311ba236922f5e7e1be77e6

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 34ab4c75588c07cca12884f2bf6b0347c7a13872

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version < 2.6.12

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.62

Status unaffected

Version <= 6.17.*

Version 6.17.12

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/77899444d46162aeb65f229590c26ba266864223

https://git.kernel.org/stable/c/a8cb796e7e2cb7971311ba236922f5e7e1be77e6

https://git.kernel.org/stable/c/34ab4c75588c07cca12884f2bf6b0347c7a13872

https://git.kernel.org/stable/c/8f73336b75bd3457b6f9410f2a0601a238f32238

https://git.kernel.org/stable/c/a9f626396bfe66f49b743601e862767928237cc0

https://git.kernel.org/stable/c/aeccd6743ee4fdd1ab8cfcbb5b9a20b613418f6d

https://git.kernel.org/stable/c/d0c5ec1f57d8fbb953f166a27d9d32473dc8f3e4

https://nvd.nist.gov/vuln/detail/CVE-2025-68266

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68266

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68266

EUVD