{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68820","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.048Z","datePublished":"2026-01-13T15:29:23.351Z","dateUpdated":"2026-05-11T21:53:57.228Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:53:57.228Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: xattr: fix null pointer deref in ext4_raw_inode()\n\nIf ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED),\niloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all()\nlacks error checking, this will lead to a null pointer dereference\nin ext4_raw_inode(), called right after ext4_get_inode_loc().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/xattr.c"],"versions":[{"version":"76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3","lessThan":"b72a3476f0c97d02f63a6e9fff127348d55436f6","status":"affected","versionType":"git"},{"version":"f737418b6de31c962c7192777ee4018906975383","lessThan":"3d8d22e75f7edfa0b30ff27330fd6a1285d594c3","status":"affected","versionType":"git"},{"version":"cf9291a3449b04688b81e32621e88de8f4314b54","lessThan":"190ad0f22ba49f1101182b80e3af50ca2ddfe72f","status":"affected","versionType":"git"},{"version":"362a90cecd36e8a5c415966d0b75b04a0270e4dd","lessThan":"b5d942922182e82724b7152cb998f540132885ec","status":"affected","versionType":"git"},{"version":"eb59cc31b6ea076021d14b04e7faab1636b87d0e","lessThan":"5b154e901fda2e98570b8f426a481f5740097dc2","status":"affected","versionType":"git"},{"version":"c8e008b60492cf6fd31ef127aea6d02fd3d314cd","lessThan":"ce5f54c065a4a7cbb92787f4f140917112350142","status":"affected","versionType":"git"},{"version":"c8e008b60492cf6fd31ef127aea6d02fd3d314cd","lessThan":"b97cb7d6a051aa6ebd57906df0e26e9e36c26d14","status":"affected","versionType":"git"},{"version":"6aff941cb0f7d0c897c3698ad2e30672709135e3","status":"affected","versionType":"git"},{"version":"3bc6317033f365ce578eb6039445fb66162722fd","status":"affected","versionType":"git"},{"version":"836e625b03a666cf93ff5be328c8cb30336db872","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/xattr.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.64","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.3","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.237","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.181","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.135","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.88","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.24","versionEndExcluding":"6.12.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b72a3476f0c97d02f63a6e9fff127348d55436f6"},{"url":"https://git.kernel.org/stable/c/3d8d22e75f7edfa0b30ff27330fd6a1285d594c3"},{"url":"https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f"},{"url":"https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec"},{"url":"https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2"},{"url":"https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142"},{"url":"https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14"}],"title":"ext4: xattr: fix null pointer deref in ext4_raw_inode()","x_generator":{"engine":"bippy-1.2.0"}}}}