CVE-2026-45960

MEDIUM EPSS 2.4%
Published May 27, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfs_bnode_create When hfs_bnode_create() finds that a node is already hashed (which should not happen in normal operation), it currently returns the existing node without incrementing its reference count. This causes a reference count inconsistency that leads to a kernel panic when the node is later freed in hfs_bnode_put(): kernel BUG at fs/hfsplus/bnode.c:676! BUG_ON(!atomic_read(&node->refcnt)) This scenario can occur when hfs_bmap_alloc() attempts to allocate a node that is already in use (e.g., when node 0's bitmap bit is incorrectly unset), or due to filesystem corruption. Returning an existing node from a create path is not normal operation. Fix this by returning ERR_PTR(-EEXIST) instead of the node when it's already hashed. This properly signals the error condition to callers, which already check for IS_ERR() return values.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥2.6.16.1  –  <5.10.252
linuxlinux_kernel*≥5.11  –  <5.15.202
linuxlinux_kernel*≥5.16  –  <6.1.165
linuxlinux_kernel*≥6.2  –  <6.6.128
linuxlinux_kernel*≥6.7  –  <6.12.75
linuxlinux_kernel*≥6.13  –  <6.18.14
linuxlinux_kernel*≥6.19  –  <6.19.4
linuxlinux_kernel2.6.16any
linuxlinux_kernel2.6.16any
linuxlinux_kernel2.6.16any
linuxlinux_kernel2.6.16any
linuxlinux_kernel2.6.16any
linuxlinux_kernel2.6.16any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3
    Patch