CVE-2025-68789
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/01/2026
Last modified:
19/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) fix use-after-free in high/low store

The ibmpex_high_low_store() function retrieves driver data using
dev_get_drvdata() and uses it without validation. This creates a race
condition where the sysfs callback can be invoked after the data
structure is freed, leading to use-after-free.

Fix by adding a NULL check after dev_get_drvdata(), and reordering
operations in the deletion path to prevent TOCTOU.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3ce9b7ae9d4d148672b35147aaf7987a4f82bb94
- https://git.kernel.org/stable/c/533ead425f8109b02fecc7e72d612b8898ec347a
- https://git.kernel.org/stable/c/5aa2139201667c1f644601e4529c4acd6bf8db5a
- https://git.kernel.org/stable/c/68d62e5bebbd118b763e8bb210d5cf2198ef450c
- https://git.kernel.org/stable/c/6946c726c3f4c36f0f049e6f97e88c510b15f65d
- https://git.kernel.org/stable/c/fa37adcf1d564ef58b9dfb01b6c36d35c5294bad



