| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011353-CVE-2025-68767-cd16@gregkh> Date: Tue, 13 Jan 2026 16:28:53 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68767: hfsplus: Verify inode mode when loading from disk From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is not 0 (i.e. no longer reserved), the file must be S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/ S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0. The Linux kernel CVE team has assigned CVE-2025-68767 to this issue. Affected and fixed versions =========================== Fixed in 6.1.160 with commit 001f44982587ad462b3002ee40c75e8df67d597d Fixed in 6.6.120 with commit 05ec9af3cc430683c97f76027e1c55ac6fd25c59 Fixed in 6.12.64 with commit edfb2e602b5ba5ca6bf31cbac20b366efb72b156 Fixed in 6.18.3 with commit 91f114bffa36ce56d0e1f60a0a44fc09baaefc79 Fixed in 6.19-rc1 with commit 005d4b0d33f6b4a23d382b7930f7a96b95b01f39 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68767 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/hfsplus/inode.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59 https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156 https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79 https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39
Powered by blists - more mailing lists