CVE-2025-68761

Summary

In the Linux kernel, the following vulnerability has been resolved:

hfs: fix potential use after free in hfs_correct_next_unused_CNID()

This code calls hfs_bnode_put(node) which drops the refcount and then dreferences "node" on the next line. It's only safe to use "node" when we're holding a reference so flip these two lines around.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa06ec283e125e334155fe13005c76c9f484ce759 < 40a1e0142096dd7dd6cb5373841222b528698588affected
LinuxLinuxa06ec283e125e334155fe13005c76c9f484ce759 < c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08affected
LinuxLinux6.18affected
LinuxLinux0 < 6.18unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References