CVE-2025-68789
Published: January 15, 2026Last modified: January 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free. Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.161-r0) |
| 25 LTS | linux-lts | Fixed (6.12.65-r0) | |
| Stream | linux-lts | Fixed (6.12.65-r0) |
References
- https://git.kernel.org/stable/c/3ce9b7ae9d4d148672b35147aaf7987a4f82bb94
- https://git.kernel.org/stable/c/533ead425f8109b02fecc7e72d612b8898ec347a
- https://git.kernel.org/stable/c/5aa2139201667c1f644601e4529c4acd6bf8db5a
- https://git.kernel.org/stable/c/68d62e5bebbd118b763e8bb210d5cf2198ef450c
- https://git.kernel.org/stable/c/6946c726c3f4c36f0f049e6f97e88c510b15f65d
- https://git.kernel.org/stable/c/fa37adcf1d564ef58b9dfb01b6c36d35c5294bad