{"id":"CVE-2025-68820","summary":"ext4: xattr: fix null pointer deref in ext4_raw_inode()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: xattr: fix null pointer deref in ext4_raw_inode()\n\nIf ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED),\niloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all()\nlacks error checking, this will lead to a null pointer dereference\nin ext4_raw_inode(), called right after ext4_get_inode_loc().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.","modified":"2026-04-16T04:31:49.389026734Z","published":"2026-01-13T15:29:23.351Z","related":["SUSE-SU-2026:0447-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68820.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d8d22e75f7edfa0b30ff27330fd6a1285d594c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b72a3476f0c97d02f63a6e9fff127348d55436f6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68820.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68820"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3"},{"fixed":"b72a3476f0c97d02f63a6e9fff127348d55436f6"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f737418b6de31c962c7192777ee4018906975383"},{"fixed":"3d8d22e75f7edfa0b30ff27330fd6a1285d594c3"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cf9291a3449b04688b81e32621e88de8f4314b54"},{"fixed":"190ad0f22ba49f1101182b80e3af50ca2ddfe72f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"362a90cecd36e8a5c415966d0b75b04a0270e4dd"},{"fixed":"b5d942922182e82724b7152cb998f540132885ec"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"eb59cc31b6ea076021d14b04e7faab1636b87d0e"},{"fixed":"5b154e901fda2e98570b8f426a481f5740097dc2"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c8e008b60492cf6fd31ef127aea6d02fd3d314cd"},{"fixed":"ce5f54c065a4a7cbb92787f4f140917112350142"},{"fixed":"b97cb7d6a051aa6ebd57906df0e26e9e36c26d14"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"6aff941cb0f7d0c897c3698ad2e30672709135e3"},{"last_affected":"3bc6317033f365ce578eb6039445fb66162722fd"},{"last_affected":"836e625b03a666cf93ff5be328c8cb30336db872"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68820.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68820.json"}}],"schema_version":"1.7.5"}