CVE-2025-68789

Sažetak

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free. Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.

Reference

https://git.kernel.org/stable/c/3ce9b7ae9d4d148672b35147aaf7987a4f82bb94
https://git.kernel.org/stable/c/533ead425f8109b02fecc7e72d612b8898ec347a
https://git.kernel.org/stable/c/5aa2139201667c1f644601e4529c4acd6bf8db5a
https://git.kernel.org/stable/c/68d62e5bebbd118b763e8bb210d5cf2198ef450c
https://git.kernel.org/stable/c/6946c726c3f4c36f0f049e6f97e88c510b15f65d
https://git.kernel.org/stable/c/fa37adcf1d564ef58b9dfb01b6c36d35c5294bad

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

19-01-2026 - 13:16

Objavljeno

13-01-2026 - 16:15