Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free. Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.

INFO

Published Date :

2026-01-13T15:29:02.079Z

Last Modified :

2026-02-10T11:47:55.699Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68789 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68789.

URL Resource
https://git.kernel.org/stable/c/3ce9b7ae9d4d148672b35147aaf7987a4f82bb94
https://git.kernel.org/stable/c/533ead425f8109b02fecc7e72d612b8898ec347a
https://git.kernel.org/stable/c/5aa2139201667c1f644601e4529c4acd6bf8db5a
https://git.kernel.org/stable/c/68d62e5bebbd118b763e8bb210d5cf2198ef450c
https://git.kernel.org/stable/c/6946c726c3f4c36f0f049e6f97e88c510b15f65d
https://git.kernel.org/stable/c/fa37adcf1d564ef58b9dfb01b6c36d35c5294bad
https://lore.kernel.org/linux-cve-announce/2026011304-CVE-2025-68789-cca8@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68789 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68789 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact