5.5

CVE-2026-45960

hfsplus: return error when node already exists in hfs_bnode_create

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: return error when node already exists in hfs_bnode_create

When hfs_bnode_create() finds that a node is already hashed (which should
not happen in normal operation), it currently returns the existing node
without incrementing its reference count. This causes a reference count
inconsistency that leads to a kernel panic when the node is later freed
in hfs_bnode_put():

    kernel BUG at fs/hfsplus/bnode.c:676!
    BUG_ON(!atomic_read(&node->refcnt))

This scenario can occur when hfs_bmap_alloc() attempts to allocate a node
that is already in use (e.g., when node 0's bitmap bit is incorrectly
unset), or due to filesystem corruption.

Returning an existing node from a create path is not normal operation.

Fix this by returning ERR_PTR(-EEXIST) instead of the node when it's
already hashed. This properly signals the error condition to callers,
which already check for IS_ERR() return values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.16.1 < 5.10.252
LinuxLinux Kernel Version >= 5.11 < 5.15.202
LinuxLinux Kernel Version >= 5.16 < 6.1.165
LinuxLinux Kernel Version >= 6.2 < 6.6.128
LinuxLinux Kernel Version >= 6.7 < 6.12.75
LinuxLinux Kernel Version >= 6.13 < 6.18.14
LinuxLinux Kernel Version >= 6.19 < 6.19.4
LinuxLinux Kernel Version2.6.16 Update-
LinuxLinux Kernel Version2.6.16 Updaterc2
LinuxLinux Kernel Version2.6.16 Updaterc3
LinuxLinux Kernel Version2.6.16 Updaterc4
LinuxLinux Kernel Version2.6.16 Updaterc5
LinuxLinux Kernel Version2.6.16 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef
Patch
https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b
Patch
https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e
Patch
https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a
Patch
https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6
Patch
https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d
Patch
https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156
Patch
https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3
Patch