CVE-2025-68761

Linux Kernel - Use-After-Free in hfs_correct_next_unused_CNID

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfs_correct_next_unused_CNID() This code calls hfs_bnode_put(node) which drops the refcount and then dreferences "node" on the next line. It's only safe to use "node" when we're holding a reference so flip these two lines around.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/40a1e0142096dd7dd6cb5373841222b528698588

Patch

https://git.kernel.org/stable/c/c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08

Scores

EPSS 0.0003

EPSS Percentile 10.8%

Details

Status published

Products (7)

linux/Kernel 6.18.0 - 6.18.2linux

Linux/Linux < 6.18

Linux/Linux 6.18

Linux/Linux 6.18.2 - 6.18.*

Linux/Linux 6.19

Linux/Linux a06ec283e125e334155fe13005c76c9f484ce759 - 40a1e0142096dd7dd6cb5373841222b528698588

Linux/Linux a06ec283e125e334155fe13005c76c9f484ce759 - c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08

Published Jan 05, 2026

Tracked Since Feb 18, 2026