SB20260528121 - Improper update of reference count in Linux kernel hfsplus
Published: May 28, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper update of reference count (CVE-ID: CVE-2026-45960)
CWE-ID: CWE-911 - Improper Update of Reference Count
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper reference count handling in hfs_bnode_create() when creating a btree node on a corrupted hfsplus filesystem. A local user can trigger node allocation for an already hashed node to cause a denial of service.
This can occur if filesystem corruption causes a node that is already in use to appear available.
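The reference-count error class named above (CWE-911), shown as a userspace C model added here for illustration; it is not the kernel's hfsplus code or the upstream patch. All names are hypothetical, and the model assumes the defect is that the already-hashed path hands the node back without taking a reference.

```c
#include <stdio.h>

/* Userspace model of a reference-counted node cache (hypothetical names). */
struct node { unsigned num; int refcnt; int hashed; int freed; };
static struct node table[4];          /* constructed backing store */

static struct node *node_lookup(unsigned num)
{
    return table[num].hashed ? &table[num] : NULL;
}

static void node_get(struct node *n) { n->refcnt++; }

static void node_put(struct node *n)
{
    if (--n->refcnt == 0) {           /* last holder gone: unhash and release */
        n->hashed = 0;
        n->freed = 1;                 /* flag stands in for free() so it can be inspected */
    }
}

/* Caller believes 'num' is free. With corrupted metadata it may already be hashed. */
static struct node *node_create(unsigned num, int take_ref_on_hit)
{
    struct node *n = node_lookup(num);
    if (n) {
        if (take_ref_on_hit)          /* corrected behaviour: new holder gets its own ref */
            node_get(n);
        return n;                     /* assumed defect: returned with no extra ref */
    }
    n = &table[num];
    n->num = num; n->refcnt = 1; n->hashed = 1; n->freed = 0;
    return n;
}

/* Holder A owns node 1; holder B "creates" node 1 again, then drops it.
 * Returns 1 if the node was released while A still holds it. */
static int freed_under_holder(int take_ref_on_hit)
{
    table[1] = (struct node){0};
    struct node *a = node_create(1, take_ref_on_hit);  /* fresh node, refcnt 1 */
    struct node *b = node_create(1, take_ref_on_hit);  /* already hashed */
    node_put(b);                                       /* B is done with it */
    return a->freed;
}

int main(void)
{
    printf("no ref on hit: freed under holder = %d\n", freed_under_holder(0));
    printf("ref on hit:    freed under holder = %d\n", freed_under_holder(1));
    return 0;
}
```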
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef
- https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d
- https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156
- https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b
- https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6
- https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a
- https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e
- https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3