CVE-2025-68820

Linux Kernel <5.10.248, 5.11.0-6.18.3 - ext4_raw_inode() Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checking, this will lead to a null pointer dereference in ext4_raw_inode(), called right after ext4_get_inode_loc(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2

Patch

https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142

Patch

https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14

Patch

https://git.kernel.org/stable/c/b72a3476f0c97d02f63a6e9fff127348d55436f6

Patch

https://git.kernel.org/stable/c/3d8d22e75f7edfa0b30ff27330fd6a1285d594c3

Patch

https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f

Patch

https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec

Scores

EPSS 0.0007

EPSS Percentile 21.0%

Details

Status published

Products (33)

linux/Kernel < 5.10.248linux

linux/Kernel 5.11.0 - 5.15.198linux

linux/Kernel 5.16.0 - 6.1.160linux

linux/Kernel 6.13.0 - 6.18.3linux

linux/Kernel 6.2.0 - 6.6.120linux

linux/Kernel 6.7.0 - 6.12.64linux

Linux/Linux < 6.15

Linux/Linux 362a90cecd36e8a5c415966d0b75b04a0270e4dd - b5d942922182e82724b7152cb998f540132885ec

Linux/Linux 3bc6317033f365ce578eb6039445fb66162722fd

Linux/Linux 5.10.237 - 5.10.248

... and 23 more

Published Jan 13, 2026

Tracked Since Feb 18, 2026