Description

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is not 0 (i.e. no longer reserved), the file must be S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/ S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.

INFO

Published Date :

2026-01-13T15:28:46.382Z

Last Modified :

2026-01-19T12:18:50.036Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68767 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68767.

URL Resource
https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d cve-icon cve-icon
https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39 cve-icon cve-icon
https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59 cve-icon cve-icon
https://git.kernel.org/stable/c/6f768724aabd5b321c5b8f15acdca11e4781cf32 cve-icon cve-icon
https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79 cve-icon cve-icon
https://git.kernel.org/stable/c/d92333c7a35856e419500e7eed72dac1afa404a5 cve-icon cve-icon
https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011353-CVE-2025-68767-cd16@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68767 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68767 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System