CVE Catalog

CVE-2026-45960

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel in the hfs_bnode_create function, which returns an existing node without incrementing its reference count. This can lead to reference count inconsistency and kernel panic when the node is later freed.

Risk Assessment

This vulnerability may lead to operating system crashes, potentially resulting in data loss and service downtime.

Recommendation

It is recommended to update the Linux kernel to a version that includes a fix for this vulnerability to avoid issues with node management in the filesystem.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfs_bnode_create When hfs_bnode_create() finds that a node is already hashed (which should not happen in normal operation), it currently returns the existing node without incrementing its reference count. This causes a reference count inconsistency that leads to a kernel panic when the node is later freed in hfs_bnode_put(): kernel BUG at fs/hfsplus/bnode.c:676! BUG_ON(!atomic_read(&node->refcnt)) This scenario can occur when hfs_bmap_alloc() attempts to allocate a node that is already in use (e.g., when node 0's bitmap bit is incorrectly unset), or due to filesystem corruption. Returning an existing node from a create path is not normal operation. Fix this by returning ERR_PTR(-EEXIST) instead of the node when it's already hashed. This properly signals the error condition to callers, which already check for IS_ERR() return values.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS