CVE-2025-68820

EPSS 0.07%
Veröffentlicht 13.01.2026 15:29:23
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ext4: xattr: fix null pointer deref in ext4_raw_inode()

In the Linux kernel, the following vulnerability has been resolved:

ext4: xattr: fix null pointer deref in ext4_raw_inode()

If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED),
iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all()
lacks error checking, this will lead to a null pointer dereference
in ext4_raw_inode(), called right after ext4_get_inode_loc().

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3

Version < b72a3476f0c97d02f63a6e9fff127348d55436f6

Status affected

Version f737418b6de31c962c7192777ee4018906975383

Version < 3d8d22e75f7edfa0b30ff27330fd6a1285d594c3

Status affected

Version cf9291a3449b04688b81e32621e88de8f4314b54

Version < 190ad0f22ba49f1101182b80e3af50ca2ddfe72f

Status affected

Version 362a90cecd36e8a5c415966d0b75b04a0270e4dd

Version < b5d942922182e82724b7152cb998f540132885ec

Status affected

Version eb59cc31b6ea076021d14b04e7faab1636b87d0e

Version < 5b154e901fda2e98570b8f426a481f5740097dc2

Status affected

Version c8e008b60492cf6fd31ef127aea6d02fd3d314cd

Version < ce5f54c065a4a7cbb92787f4f140917112350142

Status affected

Version c8e008b60492cf6fd31ef127aea6d02fd3d314cd

Version < b97cb7d6a051aa6ebd57906df0e26e9e36c26d14

Status affected

Version 6aff941cb0f7d0c897c3698ad2e30672709135e3

Status affected

Version 3bc6317033f365ce578eb6039445fb66162722fd

Status affected

Version 836e625b03a666cf93ff5be328c8cb30336db872

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.15

Status affected

Version 0

Version < 6.15

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f

https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec

https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2

https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142

https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14

https://git.kernel.org/stable/c/3d8d22e75f7edfa0b30ff27330fd6a1285d594c3

https://git.kernel.org/stable/c/b72a3476f0c97d02f63a6e9fff127348d55436f6

https://nvd.nist.gov/vuln/detail/CVE-2025-68820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68820

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-68820