- CVE-2025-68788
- EPSS 0.03%
- Published 13.01.2026 15:29:01
- Last modified 19.01.2026 13:16:13
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

fsnotify: do not generate ACCESS/MODIFY events on child for special files

inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscribe for watching events on children when the user has access to the parent directory (e.g. /dev).

Users with no read access to a file but with read access to its parent directory can still stat the file and see if it was accessed/modified via atime/mtime change.

The same is not true for special files (e.g. /dev/null). Users will not generally observe atime/mtime changes when other users read/write to special files, only when someone sets atime/mtime via utimensat().

Align fsnotify events with this stat behavior and do not generate ACCESS/MODIFY events to parent watchers on read/write of special files. The events are still generated to parent watchers on utimensat(). This closes some side-channels that could be possibly used for information exfiltration [1].

[1] https://snee.la/pdf/pubs/file-notification-attacks.pdf
Linked by AI from unstructured data to existing NVD CPEs.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux ≫ Product: Linux

Default status: unaffected

Vendor: Linux ≫ Product: Linux

Default status: affected

| Version | Upper bound | Status |
|---|---|---|
| 2.6.36 | | affected |
| 0 | < 2.6.36 | unaffected |
| 5.10.248 | <= 5.10.* | unaffected |
| 5.15.198 | <= 5.15.* | unaffected |
| 6.1.160 | <= 6.1.* | unaffected |
| 6.6.120 | <= 6.6.* | unaffected |
| 6.12.64 | <= 6.12.* | unaffected |
| 6.18.3 | <= 6.18.* | unaffected |
| 6.19-rc2 | <= * | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.088 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|