CVE-2025-68266

Linux Kernel - Unauthenticated Denial of Service via Corrupted BFS Filesystem Metadata

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes" field loaded from disk are corrupted. A documentation says that BFS uses only lower 9 bits of the "mode" field. But I can't find an explicit explanation that the unused upper 23 bits (especially, the S_IFMT bits) are initialized with 0. Therefore, ignore the S_IFMT bits of the "mode" field loaded from disk. Also, verify that the value of the "attributes" field loaded from disk is either BFS_VREG or BFS_VDIR (because BFS supports only regular files and the root directory).

References (7)

Core 7

Scores

EPSS 0.0006
EPSS Percentile 18.2%

Details

Status published
Products (22)
linux/Kernel 2.6.12 - 5.10.248linux
linux/Kernel 5.11.0 - 5.15.198linux
linux/Kernel 5.16.0 - 6.1.160linux
linux/Kernel 6.13.0 - 6.17.12linux
linux/Kernel 6.2.0 - 6.6.120linux
linux/Kernel 6.7.0 - 6.12.62linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 34ab4c75588c07cca12884f2bf6b0347c7a13872
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 77899444d46162aeb65f229590c26ba266864223
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 8f73336b75bd3457b6f9410f2a0601a238f32238
... and 12 more
Published Dec 16, 2025
Tracked Since Feb 18, 2026