Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-45960— hfsplus: return error when node already exists in hfs_bnode_create

AI Predicted 7.8 Difficulty: Moderate EPSS 0.03% · P10

Possible ATT&CK Techniques 1AI

T1496 · Resource Hijacking

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux634725a92938b0f282b17cec0b007dca77adebd2< 1ca428769cb4737a25bd32fb4d1573cc09eeaeefaffected
634725a92938b0f282b17cec0b007dca77adebd2< 507a1de58c21c95ad7c44afccaf1222d1c42246baffected
634725a92938b0f282b17cec0b007dca77adebd2< 986455135b95f32c1f142068e451098fc751749eaffected
634725a92938b0f282b17cec0b007dca77adebd2< 7b57ada854b32310f224abd61bcfec2d5790ff0aaffected
634725a92938b0f282b17cec0b007dca77adebd2< 51838112d9c22502333c3085ca0c0d691e7093c6affected
634725a92938b0f282b17cec0b007dca77adebd2< 2e6ff6a6fc69cc17ed10c9cb6242935d52acd52daffected
634725a92938b0f282b17cec0b007dca77adebd2< 2e9185a42e0e237c74435fd092b7c34537c62156affected
634725a92938b0f282b17cec0b007dca77adebd2< d8a73cc46c8462a969a7516131feb3096f4c49d3affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45960

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
hfsplus: return error when node already exists in hfs_bnode_create
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfs_bnode_create When hfs_bnode_create() finds that a node is already hashed (which should not happen in normal operation), it currently returns the existing node without incrementing its reference count. This causes a reference count inconsistency that leads to a kernel panic when the node is later freed in hfs_bnode_put(): kernel BUG at fs/hfsplus/bnode.c:676! BUG_ON(!atomic_read(&node->refcnt)) This scenario can occur when hfs_bmap_alloc() attempts to allocate a node that is already in use (e.g., when node 0's bitmap bit is incorrectly unset), or due to filesystem corruption. Returning an existing node from a create path is not normal operation. Fix this by returning ERR_PTR(-EEXIST) instead of the node when it's already hashed. This properly signals the error condition to callers, which already check for IS_ERR() return values.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于hfsplus文件系统中hfs_bnode_create()函数在节点已存在时返回节点而未增加引用计数,可能导致引用计数不一致并引发内核崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 634725a92938b0f282b17cec0b007dca77adebd2 ~ 1ca428769cb4737a25bd32fb4d1573cc09eeaeef -
LinuxLinux 2.6.16 -

II. Public POCs for CVE-2026-45960

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-45960

登录查看更多情报信息。

Patches & Fixes for CVE-2026-45960 (8)

Same Patch Batch · Linux · 2026-05-27 · 276 CVEs total

CVE-2026-460399.8 CRITICALrxgk: Fix potential integer overflow in length check
CVE-2026-458989.8 CRITICALRDMA/iwcm: Fix workqueue list corruption by removing work_list
CVE-2026-459889.8 CRITICALrxrpc: Fix re-decryption of RESPONSE packets
CVE-2026-459729.8 CRITICALsmb: client: fix potential UAF and double free in smb2_open_file()
CVE-2026-460439.1 CRITICALRDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
CVE-2026-460568.8 HIGHBluetooth: hci_event: fix potential UAF in SSP passkey handlers
CVE-2026-459458.8 HIGHiommu/vt-d: Fix race condition during PASID entry replacement
CVE-2026-458438.2 HIGHslip: bound decode() reads against the compressed packet length
CVE-2026-460378.2 HIGHipv4: icmp: validate reply type before using icmp_pointers
CVE-2026-460108.1 HIGHrxrpc: Fix error handling in rxgk_extract_token()
CVE-2026-460998.1 HIGHnet: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
CVE-2026-460767.9 HIGHKVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
CVE-2026-458947.8 HIGHiommu/vt-d: Clear Present bit before tearing down PASID entry
CVE-2026-459597.8 HIGHcrypto: ccp - Fix a crash due to incorrect cleanup usage of kfree
CVE-2026-460117.8 HIGHmedia: mtk-jpeg: fix use-after-free in release path due to uncancelled work
CVE-2026-460157.8 HIGHtcp: call sk_data_ready() after listener migration
CVE-2026-458527.8 HIGHRDMA/rxe: Fix double free in rxe_srq_from_init
CVE-2026-460587.8 HIGHmedia: amphion: Fix race between m2m job_abort and device_run
CVE-2026-458617.8 HIGHgfs2: Fix slab-use-after-free in qd_put
CVE-2026-460537.8 HIGHnet: rds: fix MR cleanup on copy error

Showing top 20 of 276 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-45960

No comments yet

Leave a comment