CVE-2025-68266

NONE EPSS 5.7%
Published Dec 16, 20256mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 16, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes" field loaded from disk are corrupted. A documentation says that BFS uses only lower 9 bits of the "mode" field. But I can't find an explicit explanation that the unused upper 23 bits (especially, the S_IFMT bits) are initialized with 0. Therefore, ignore the S_IFMT bits of the "mode" field loaded from disk. Also, verify that the value of the "attributes" field loaded from disk is either BFS_VREG or BFS_VDIR (because BFS supports only regular files and the root directory).

Threat Intelligence

EPSS Exploit Probability
5.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 7

  • git.kernel.org https://git.kernel.org/stable/c/34ab4c75588c07cca12884f2bf6b0347c7a13872
  • git.kernel.org https://git.kernel.org/stable/c/77899444d46162aeb65f229590c26ba266864223
  • git.kernel.org https://git.kernel.org/stable/c/8f73336b75bd3457b6f9410f2a0601a238f32238
  • git.kernel.org https://git.kernel.org/stable/c/a8cb796e7e2cb7971311ba236922f5e7e1be77e6
  • git.kernel.org https://git.kernel.org/stable/c/a9f626396bfe66f49b743601e862767928237cc0
  • git.kernel.org https://git.kernel.org/stable/c/aeccd6743ee4fdd1ab8cfcbb5b9a20b613418f6d
  • git.kernel.org https://git.kernel.org/stable/c/d0c5ec1f57d8fbb953f166a27d9d32473dc8f3e4

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.