Home

Description

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes" field loaded from disk are corrupted. A documentation says that BFS uses only lower 9 bits of the "mode" field. But I can't find an explicit explanation that the unused upper 23 bits (especially, the S_IFMT bits) are initialized with 0. Therefore, ignore the S_IFMT bits of the "mode" field loaded from disk. Also, verify that the value of the "attributes" field loaded from disk is either BFS_VREG or BFS_VDIR (because BFS supports only regular files and the root directory).

PUBLISHED Reserved 2025-12-16 | Published 2025-12-16 | Updated 2025-12-16 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 77899444d46162aeb65f229590c26ba266864223
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a8cb796e7e2cb7971311ba236922f5e7e1be77e6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 34ab4c75588c07cca12884f2bf6b0347c7a13872
affected

Default status
affected

6.12.62 (semver)
unaffected

6.17.12 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/77899444d46162aeb65f229590c26ba266864223

git.kernel.org/...c/a8cb796e7e2cb7971311ba236922f5e7e1be77e6

git.kernel.org/...c/34ab4c75588c07cca12884f2bf6b0347c7a13872

cve.org (CVE-2025-68266)

nvd.nist.gov (CVE-2025-68266)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.