CVE-2025-68820

Jan. 14, 2026, 4:26 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checking, this will lead to a null pointer dereference in ext4_raw_inode(), called right after ext4_get_inode_loc(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • Ext4
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
a linux ext4 / / / / / / / /

References

https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f
https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2
https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec
https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14
https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-01-13
CVE-2025-68820

Timeline

Published: Jan. 13, 2026, 4:16 p.m.
Last Modified: Jan. 14, 2026, 4:26 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.