PT-2026-2521 · Linux · Linux Kernel

Published: 2025-12-10 · Updated: 2026-05-26 · CVE-2025-68789

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The ibmpex_high_low_store() function in the Linux kernel does not validate driver data retrieved using dev_get_drvdata(). This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to a use-after-free issue. The fix involves adding a NULL check after dev_get_drvdata() and reordering operations in the deletion path to prevent TOCTOU (Time-of-Check to Time-of-Use).

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2026-00732
CVE-2025-68789
ECHO-A798-22A8-66DD
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Linux Kernel