CVE-2025-68784 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment to after the buffer setup.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1e2d3aa19c7962b9474b22893160cb460494c45f
https://git.kernel.org/stable/c/5990fd756943836978ad184aac980e2b36ab7e01
https://git.kernel.org/stable/c/d29ed9ff972afe17c215cab171761d7a15d7063f

History

Tue, 13 Jan 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment to after the buffer setup.
Title		xfs: fix a UAF problem in xattr repair
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1e2d3aa19c7962b9474b22893160cb460494c45f https://git.kernel.org/stable/c/5990fd756943836978ad184aac980e2b36ab7e01 https://git.kernel.org/stable/c/d29ed9ff972afe17c215cab171761d7a15d7063f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-01-13T15:28:58.255Z

Updated: 2026-01-13T15:28:58.255Z

Reserved: 2025-12-24T10:30:51.036Z

Link: CVE-2025-68784

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-13T16:15:58.117

Modified: 2026-01-13T16:15:58.117

Link: CVE-2025-68784

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68784", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:30:51.036Z", "datePublished": "2026-01-13T15:28:58.255Z", "dateUpdated": "2026-01-13T15:28:58.255Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-01-13T15:28:58.255Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix a UAF problem in xattr repair\n\nThe xchk_setup_xattr_buf function can allocate a new value buffer, which\nmeans that any reference to ab->value before the call could become a\ndangling pointer. Fix this by moving an assignment to after the buffer\nsetup."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/scrub/attr_repair.c"], "versions": [{"version": "e47dcf113ae348678143cc935a1183059c02c9ad", "lessThan": "1e2d3aa19c7962b9474b22893160cb460494c45f", "status": "affected", "versionType": "git"}, {"version": "e47dcf113ae348678143cc935a1183059c02c9ad", "lessThan": "d29ed9ff972afe17c215cab171761d7a15d7063f", "status": "affected", "versionType": "git"}, {"version": "e47dcf113ae348678143cc935a1183059c02c9ad", "lessThan": "5990fd756943836978ad184aac980e2b36ab7e01", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/scrub/attr_repair.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.19-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1e2d3aa19c7962b9474b22893160cb460494c45f"}, {"url": "https://git.kernel.org/stable/c/d29ed9ff972afe17c215cab171761d7a15d7063f"}, {"url": "https://git.kernel.org/stable/c/5990fd756943836978ad184aac980e2b36ab7e01"}], "title": "xfs: fix a UAF problem in xattr repair", "x_generator": {"engine": "bippy-1.2.0"}}}}