PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45960 Linux CVE debrief

A reference count inconsistency in the Linux kernel's HFS+ filesystem implementation can lead to kernel panic. The vulnerability exists in hfs_bnode_create() which, when encountering an already-hashed node (an abnormal condition), returns the existing node without incrementing its reference count. This causes a BUG_ON assertion failure in hfs_bnode_put() when the node is later freed. The issue can be triggered when hfs_bmap_alloc() attempts to allocate a node already in use, or due to filesystem corruption. The fix returns ERR_PTR(-EEXIST) instead of the existing node, properly signaling the error condition to callers.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Linux system administrators running kernels with HFS+ support; security teams monitoring kernel stability; organizations using macOS-formatted storage on Linux systems

Technical summary

The hfs_bnode_create() function in fs/hfsplus/bnode.c fails to handle an edge case where a node already exists in the hash table. Instead of returning an error, it returns the existing node pointer without incrementing the reference count. When callers later invoke hfs_bnode_put(), the reference count drops to zero prematurely, triggering BUG_ON(!atomic_read(&node->refcnt)) and causing a kernel panic. The vulnerability is reachable through hfs_bmap_alloc() when bitmap allocation attempts to reuse an existing node, or through corrupted HFS+ filesystem structures. The fix changes the return value to ERR_PTR(-EEXIST) when a hashed node is encountered, allowing proper error propagation through existing IS_ERR() checks in calling code.
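To make the reference-count imbalance concrete, here is an added userspace C model of the bug class described above. It is not the kernel's code: the node structure, hash table and function names (bnode_create, bnode_put, run_scenario) are simplified stand-ins, and err_ptr()/is_err() mimic the kernel's ERR_PTR()/IS_ERR() encoding so the fixed path can be checked the same way the page says calling code checks it. The kernel's BUG_ON() in the put path is modelled as a counter rather than a panic, so both the buggy and the patched behaviour can be run side by side.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ERRNO 4095UL

/* Userspace mimic of the kernel's ERR_PTR()/IS_ERR()/PTR_ERR(): a negative
 * errno is carried in the pointer bits so a caller checks one return value. */
static void *err_ptr(long err) { return (void *)err; }
static int is_err(const void *p) { return (unsigned long)p >= -MAX_ERRNO; }
static long ptr_err(const void *p) { return (long)p; }

/* Hypothetical simplified b-tree node (not the kernel's struct hfs_bnode). */
struct bnode {
    unsigned int num;     /* node number, used as the hash key */
    int refcnt;           /* references held; 0 means the node has been released */
    int freed;            /* set once refcnt reached 0, so a late put stays observable */
    struct bnode *next;   /* hash chain */
};

#define HASH_SIZE 8
static struct bnode *node_hash[HASH_SIZE];
static int bug_on_hits;   /* refcount underflows a kernel BUG_ON() would catch */

static void tree_reset(void)
{
    for (int i = 0; i < HASH_SIZE; i++) {
        while (node_hash[i]) {
            struct bnode *n = node_hash[i];
            node_hash[i] = n->next;
            free(n);
        }
    }
    bug_on_hits = 0;
}

static struct bnode *bnode_find(unsigned int num)
{
    for (struct bnode *n = node_hash[num % HASH_SIZE]; n; n = n->next)
        if (n->num == num && !n->freed)
            return n;
    return NULL;
}

/* Same shape as the create path described on the page: look the node up,
 * otherwise allocate it, hash it and hand the caller one reference. */
static struct bnode *bnode_create(unsigned int num, int fixed)
{
    struct bnode *n = bnode_find(num);
    if (n) {
        /* Abnormal case: the node is already hashed. */
        if (fixed)
            return err_ptr(-EEXIST);  /* patched behaviour: signal the error */
        return n;                     /* the bug: existing node, refcnt not incremented */
    }
    n = calloc(1, sizeof(*n));
    if (!n)
        return err_ptr(-ENOMEM);
    n->num = num;
    n->refcnt = 1;
    n->next = node_hash[num % HASH_SIZE];
    node_hash[num % HASH_SIZE] = n;
    return n;
}

/* Drops one reference. Where the kernel's put path has
 * BUG_ON(!atomic_read(&node->refcnt)), this records the hit instead of
 * panicking. Returns 1 if the node was released, 0 otherwise, -1 on a hit. */
static int bnode_put(struct bnode *n)
{
    if (n->refcnt == 0) {
        bug_on_hits++;
        return -1;
    }
    if (--n->refcnt == 0) {
        n->freed = 1;  /* kept in the chain so a late put is still visible */
        return 1;
    }
    return 0;
}

/* Scenario: one owner already holds node 5, then a second path asks to
 * create node 5 (the already-hashed case). Returns BUG_ON() conditions hit. */
int run_scenario(int fixed)
{
    tree_reset();
    struct bnode *owner = bnode_create(5, fixed);
    if (is_err(owner))
        return -1;
    struct bnode *second = bnode_create(5, fixed);
    if (!is_err(second))
        bnode_put(second);  /* second caller believes it holds its own reference */
    bnode_put(owner);       /* original owner drops its only reference */
    return bug_on_hits;
}

/* What the patched path reports for a duplicate request (negative errno). */
long duplicate_error_code(void)
{
    tree_reset();
    struct bnode *owner = bnode_create(7, 1);
    struct bnode *dup = bnode_create(7, 1);
    long err = is_err(dup) ? ptr_err(dup) : 0;
    bnode_put(owner);
    return err;
}

int main(void)
{
    printf("buggy create: BUG_ON conditions hit = %d\n", run_scenario(0));
    printf("fixed create: BUG_ON conditions hit = %d\n", run_scenario(1));
    printf("fixed create returns -errno %ld for a hashed node\n", duplicate_error_code());
    return 0;
}
```

With the buggy create path the second caller's put drives the count to zero while the original owner still holds the node, so the owner's later put lands on a released node, which is exactly the condition the kernel's BUG_ON() turns into a panic. With the patched path the duplicate request surfaces as -EEXIST, the caller never puts a reference it was never given, and the single owner releases the node cleanly.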

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches when available through distribution security updates
  • Monitor vendor security advisories for kernel updates addressing this HFS+ vulnerability
  • Consider restricting or auditing HFS+ filesystem usage on critical systems until patched
  • Review systems for unexpected kernel panics in HFS+ operations as potential exploitation indicators

Evidence notes

CVE description confirms kernel panic via BUG_ON at fs/hfsplus/bnode.c:676. Multiple stable kernel patches available. No CVSS score assigned; NVD status is 'Awaiting Analysis'.

Official resources

2026-05-27