CVE-2025-68761

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-68761

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68761.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68761

Downstream

UBUNTU-CVE-2025-68761

Published

2026-01-05T09:32:33.814Z

Modified

2026-01-06T03:20:47.935929Z

Summary

hfs: fix potential use after free in hfs_correct_next_unused_CNID()

Details

In the Linux kernel, the following vulnerability has been resolved:

hfs: fix potential use after free in hfscorrectnextunusedCNID()

This code calls hfsbnodeput(node) which drops the refcount and then dreferences "node" on the next line. It's only safe to use "node" when we're holding a reference so flip these two lines around.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68761.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a06ec283e125e334155fe13005c76c9f484ce759

Fixed

40a1e0142096dd7dd6cb5373841222b528698588

Fixed

c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08

Affected versions

v6.*

v6.17

v6.17-rc2

v6.17-rc3

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.18

v6.18-rc1

v6.18-rc2

v6.18-rc3

v6.18-rc4

v6.18-rc5

v6.18-rc6

v6.18-rc7

v6.18.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68761.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68761.json"