CVE-2025-68767

NONE EPSS 7.0%
Published Jan 13, 20265mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Jan 13, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is not 0 (i.e. no longer reserved), the file must be S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/ S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.

Threat Intelligence

EPSS Exploit Probability
7.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 7

  • git.kernel.org https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d
  • git.kernel.org https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39
  • git.kernel.org https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59
  • git.kernel.org https://git.kernel.org/stable/c/6f768724aabd5b321c5b8f15acdca11e4781cf32
  • git.kernel.org https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79
  • git.kernel.org https://git.kernel.org/stable/c/d92333c7a35856e419500e7eed72dac1afa404a5
  • git.kernel.org https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.