-

CVE-2025-68767

EPSS 0.02%
Veröffentlicht 13.01.2026 15:28:46
Zuletzt bearbeitet 19.01.2026 13:16:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: Verify inode mode when loading from disk

syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted.

According to [1], the permissions field was treated as reserved in Mac OS
8 and 9. According to [2], the reserved field was explicitly initialized
with 0, and that field must remain 0 as long as reserved. Therefore, when
the "mode" field is not 0 (i.e. no longer reserved), the file must be
S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/
S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 6f768724aabd5b321c5b8f15acdca11e4781cf32

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d92333c7a35856e419500e7eed72dac1afa404a5

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 001f44982587ad462b3002ee40c75e8df67d597d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 05ec9af3cc430683c97f76027e1c55ac6fd25c59

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < edfb2e602b5ba5ca6bf31cbac20b366efb72b156

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 91f114bffa36ce56d0e1f60a0a44fc09baaefc79

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 005d4b0d33f6b4a23d382b7930f7a96b95b01f39

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version < 2.6.12

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d

https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59

https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156

https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79

https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39

https://git.kernel.org/stable/c/6f768724aabd5b321c5b8f15acdca11e4781cf32

https://git.kernel.org/stable/c/d92333c7a35856e419500e7eed72dac1afa404a5

https://nvd.nist.gov/vuln/detail/CVE-2025-68767

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68767

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68767

EUVD