CVE-2025-68789

Jan. 14, 2026, 4:26 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free. Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/533ead425f8109b02fecc7e72d612b8898ec347a
https://git.kernel.org/stable/c/5aa2139201667c1f644601e4529c4acd6bf8db5a
https://git.kernel.org/stable/c/68d62e5bebbd118b763e8bb210d5cf2198ef450c
https://git.kernel.org/stable/c/6946c726c3f4c36f0f049e6f97e88c510b15f65d
https://git.kernel.org/stable/c/fa37adcf1d564ef58b9dfb01b6c36d35c5294bad

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-01-13
CVE-2025-68789

Timeline

Published: Jan. 13, 2026, 4:15 p.m.
Last Modified: Jan. 14, 2026, 4:26 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.