CVE-2025-68266

CVSS v2.0

5.2

Medium

Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to file type reconstruction when loading from disk within the BFS filesystem. Specifically, the S IFMT bits of the inode->i mode can become invalid when the S IFMT bits of the "mode" field or the "attributes" field loaded from disk are corrupted. The BFS filesystem uses only the lower 9 bits of the "mode" field, and there is a lack of explicit documentation confirming that the unused upper 23 bits (including S IFMT) are initialized to zero. The issue arises because the system does not ignore the S IFMT bits of the "mode" field loaded from disk and does not verify that the "attributes" field is either BFS VREG or BFS VDIR.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2026-01345

CVE-2025-68266

ECHO-C712-6E8D-365F

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8096-1

USN-8096-2

USN-8096-3

USN-8096-4

USN-8096-5

USN-8116-1

USN-8141-1

USN-8152-1

USN-8163-1

USN-8163-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8243-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68266

Weakness Enumeration

Related Identifiers

Affected Products

References · 884