FKIE_CVE-2026-45960

Vulnerability from fkie_nvd - Published: 2026-05-27 14:17 - Updated: 2026-05-27 14:48
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfs_bnode_create When hfs_bnode_create() finds that a node is already hashed (which should not happen in normal operation), it currently returns the existing node without incrementing its reference count. This causes a reference count inconsistency that leads to a kernel panic when the node is later freed in hfs_bnode_put(): kernel BUG at fs/hfsplus/bnode.c:676! BUG_ON(!atomic_read(&node->refcnt)) This scenario can occur when hfs_bmap_alloc() attempts to allocate a node that is already in use (e.g., when node 0's bitmap bit is incorrectly unset), or due to filesystem corruption. Returning an existing node from a create path is not normal operation. Fix this by returning ERR_PTR(-EEXIST) instead of the node when it's already hashed. This properly signals the error condition to callers, which already check for IS_ERR() return values.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: return error when node already exists in hfs_bnode_create\n\nWhen hfs_bnode_create() finds that a node is already hashed (which should\nnot happen in normal operation), it currently returns the existing node\nwithout incrementing its reference count. This causes a reference count\ninconsistency that leads to a kernel panic when the node is later freed\nin hfs_bnode_put():\n\n    kernel BUG at fs/hfsplus/bnode.c:676!\n    BUG_ON(!atomic_read(\u0026node-\u003erefcnt))\n\nThis scenario can occur when hfs_bmap_alloc() attempts to allocate a node\nthat is already in use (e.g., when node 0\u0027s bitmap bit is incorrectly\nunset), or due to filesystem corruption.\n\nReturning an existing node from a create path is not normal operation.\n\nFix this by returning ERR_PTR(-EEXIST) instead of the node when it\u0027s\nalready hashed. This properly signals the error condition to callers,\nwhich already check for IS_ERR() return values."
    }
  ],
  "id": "CVE-2026-45960",
  "lastModified": "2026-05-27T14:48:03.013",
  "metrics": {},
  "published": "2026-05-27T14:17:12.650",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.