Description

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checking, this will lead to a null pointer dereference in ext4_raw_inode(), called right after ext4_get_inode_loc(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

INFO

Published Date :

2026-01-13T15:29:23.351Z

Last Modified :

2026-01-19T12:19:25.087Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68820 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68820.

URL Resource
https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f cve-icon cve-icon
https://git.kernel.org/stable/c/3d8d22e75f7edfa0b30ff27330fd6a1285d594c3 cve-icon cve-icon
https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2 cve-icon cve-icon
https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec cve-icon cve-icon
https://git.kernel.org/stable/c/b72a3476f0c97d02f63a6e9fff127348d55436f6 cve-icon cve-icon
https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14 cve-icon cve-icon
https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011315-CVE-2025-68820-7a4f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68820 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68820 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact