CVE-2025-68774

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's HFS+ implementation related to concurrent operations involving sync() and link(). Specifically, the issue arises when multiple threads attempt to create a bnode simultaneously. Both threads may enter hfs bnode find() without locating the node in the hash table, leading to the creation of duplicate bnodes. This results in an incorrect reference count, triggering a bug check (BUG ON(!atomic read(&node->refcnt))). The root cause is the missing call to hfs bnode get() when reusing a bnode created by another thread, preventing the reference count from being updated correctly. The issue occurs during the execution of functions such as hfsplus write inode(), hfsplus write system inode(), hfs btree write(), hfs bnode find(), hfs bnode create(), hfsplus create cat(), hfs brec insert(), hfs bnode split(), and hfs bmap alloc(). The vulnerability is similar to a previously fixed bug in HFS. The vulnerable code section involves checking for the existence of a node in the hash table and creating a new one if it's not found, as shown in the code snippet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.