CVE-2025-68784
Description
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix a UAF problem in xattr repair
The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment to after the buffer setup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Linux kernel XFS xattr repair due to dangling pointer; fixed by moving assignment after buffer setup.
Vulnerability
A use-after-free (UAF) vulnerability exists in the Linux kernel's XFS filesystem, specifically in the xchk_setup_xattr_buf function used during xattr repair. The function can allocate a new value buffer, which may invalidate any existing reference to ab->value, leaving a dangling pointer [1].
Exploitation
This bug is triggered during XFS xattr repair operations, requiring local access to the filesystem and the ability to invoke repair. No special privileges beyond those needed for repair are necessary, but the attacker must be able to influence the repair process.
Impact
A successful exploit could lead to memory corruption, potentially escalating to arbitrary code execution or system crash. The exact exploitability depends on memory layout and mitigations like KASLR.
Mitigation
The fix has been applied in the Linux kernel stable tree (commit d29ed9ff972afe17c215cab171761d7a15d7063f) [1]. Users are advised to update to a patched kernel version. No known workarounds exist.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.