
CVE-2025-68820

In the Linux kernel, the following vulnerability has been resolved:

ext4: xattr: fix null pointer deref in ext4_raw_inode()

If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED),
iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all()
lacks error checking, this will lead to a null pointer dereference
in ext4_raw_inode(), called right after ext4_get_inode_loc().

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Linux
Product Linux
Default Status unaffected
Version < b72a3476f0c97d02f63a6e9fff127348d55436f6
Version 76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3
Status affected
Version < 3d8d22e75f7edfa0b30ff27330fd6a1285d594c3
Version f737418b6de31c962c7192777ee4018906975383
Status affected
Version < 190ad0f22ba49f1101182b80e3af50ca2ddfe72f
Version cf9291a3449b04688b81e32621e88de8f4314b54
Status affected
Version < b5d942922182e82724b7152cb998f540132885ec
Version 362a90cecd36e8a5c415966d0b75b04a0270e4dd
Status affected
Version < 5b154e901fda2e98570b8f426a481f5740097dc2
Version eb59cc31b6ea076021d14b04e7faab1636b87d0e
Status affected
Version < ce5f54c065a4a7cbb92787f4f140917112350142
Version c8e008b60492cf6fd31ef127aea6d02fd3d314cd
Status affected
Version < b97cb7d6a051aa6ebd57906df0e26e9e36c26d14
Version c8e008b60492cf6fd31ef127aea6d02fd3d314cd
Status affected
Version 6aff941cb0f7d0c897c3698ad2e30672709135e3
Status affected
Version 3bc6317033f365ce578eb6039445fb66162722fd
Status affected
Version 836e625b03a666cf93ff5be328c8cb30336db872
Status affected
Vendor Linux
Product Linux
Default Status affected
Version 6.15
Status affected
Version < 6.15
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.248
Status unaffected
Version <= 5.15.*
Version 5.15.198
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.64
Status unaffected
Version <= 6.18.*
Version 6.18.3
Status unaffected
Version <= *
Version 6.19-rc1
Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.088
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
No CWE information has been published yet.