Bug 2429066 (CVE-2025-68767) - CVE-2025-68767 kernel: hfsplus: Verify inode mode when loading from disk
Summary: CVE-2025-68767 kernel: hfsplus: Verify inode mode when loading from disk
Keywords:
Status: NEW
Alias: CVE-2025-68767
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-13 16:04 UTC by OSIDB Bzimport
Modified: 2026-01-15 10:13 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-01-13 16:04:16 UTC 
In the Linux kernel, the following vulnerability has been resolved:

hfsplus: Verify inode mode when loading from disk

syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted.

According to [1], the permissions field was treated as reserved in Mac OS
8 and 9. According to [2], the reserved field was explicitly initialized
with 0, and that field must remain 0 as long as reserved. Therefore, when
the "mode" field is not 0 (i.e. no longer reserved), the file must be
S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/
S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.
Comment 1 Jon Moroney 2026-01-15 01:49:12 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026011353-CVE-2025-68767-cd16@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.