CVE-2026-45960

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hfsplus: return error when node already exists in hfs_bnode_create<br /> <br /> When hfs_bnode_create() finds that a node is already hashed (which should<br /> not happen in normal operation), it currently returns the existing node<br /> without incrementing its reference count. This causes a reference count<br /> inconsistency that leads to a kernel panic when the node is later freed<br /> in hfs_bnode_put():<br /> <br /> kernel BUG at fs/hfsplus/bnode.c:676!<br /> BUG_ON(!atomic_read(&amp;node-&gt;refcnt))<br /> <br /> This scenario can occur when hfs_bmap_alloc() attempts to allocate a node<br /> that is already in use (e.g., when node 0&amp;#39;s bitmap bit is incorrectly<br /> unset), or due to filesystem corruption.<br /> <br /> Returning an existing node from a create path is not normal operation.<br /> <br /> Fix this by returning ERR_PTR(-EEXIST) instead of the node when it&amp;#39;s<br /> already hashed. This properly signals the error condition to callers,<br /> which already check for IS_ERR() return values.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.16.1 (including) 5.10.252 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.202 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.128 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.75 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 6.19.4 (excluding)
cpe:2.3:o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*