0.0
NA
CVE-2026-45960
hfsplus: return error when node already exists in hfs_bnode_create
Description

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: return error when node already exists in hfs_bnode_create

When hfs_bnode_create() finds that a node is already hashed (which should not happen in normal operation), it currently returns the existing node without incrementing its reference count. This causes a reference count inconsistency that leads to a kernel panic when the node is later freed in hfs_bnode_put():

    kernel BUG at fs/hfsplus/bnode.c:676!
    BUG_ON(!atomic_read(&node->refcnt))

This scenario can occur when hfs_bmap_alloc() attempts to allocate a node that is already in use (e.g., when node 0's bitmap bit is incorrectly unset), or due to filesystem corruption. Returning an existing node from a create path is not normal operation.

Fix this by returning ERR_PTR(-EEXIST) instead of the node when it's already hashed. This properly signals the error condition to callers, which already check for IS_ERR() return values.
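The reference-count mismatch described above, reduced to a userspace C model (an added example, not the kernel's code or the upstream patch). The struct layout, the single-list hash, the `fixed` flag and `run()` are assumptions made for illustration, and `bnode_put()` returns -1 where the kernel would hit the BUG_ON.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR()/IS_ERR()/PTR_ERR() helpers. */
static void *ERR_PTR(long e) { return (void *)(intptr_t)e; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }

struct bnode { unsigned cnid; int refcnt; struct bnode *next; };
static struct bnode *hashed;                 /* toy stand-in for the node hash */

/* Create path: fixed == 0 models the old behaviour, fixed == 1 the patched one. */
static struct bnode *bnode_create(unsigned cnid, int fixed) {
    struct bnode *n = hashed;
    while (n && n->cnid != cnid) n = n->next;
    if (n)                                   /* node already hashed */
        return fixed ? ERR_PTR(-EEXIST) : n; /* old: returned with no refcnt++ */
    n = calloc(1, sizeof(*n));
    if (!n) return ERR_PTR(-ENOMEM);
    n->cnid = cnid; n->refcnt = 1;           /* creator owns one reference */
    n->next = hashed; hashed = n;
    return n;
}

/* Returns -1 where the kernel would hit BUG_ON(!atomic_read(&node->refcnt)). */
static int bnode_put(struct bnode *n) {
    if (n->refcnt == 0) return -1;
    n->refcnt--;
    return 0;
}

/* Two callers each "create" node 0, then each drops the reference it thinks it owns. */
static int run(int fixed) {
    while (hashed) { struct bnode *n = hashed; hashed = n->next; free(n); }
    struct bnode *a = bnode_create(0, fixed), *b = bnode_create(0, fixed);
    int rc = 0;
    if (IS_ERR(b)) printf("second create failed: %ld\n", PTR_ERR(b));
    else rc |= bnode_put(b);                 /* drops the only real reference */
    rc |= bnode_put(a);                      /* old behaviour: refcnt already 0 */
    return rc;
}

int main(void) {
    int old = run(0), fixed = run(1);
    printf("old=%d fixed=%d\n", old, fixed);
    return 0;
}
```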

INFO

Published Date: May 27, 2026, 2:17 p.m.
Last Modified: May 27, 2026, 2:48 p.m.
Remotely Exploit: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by the CVE-2026-45960 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
Solution
Address kernel panic by properly signaling existing node errors during creation.
  • Apply the kernel patch addressing hfs_bnode_create behavior.
  • Ensure filesystem integrity to prevent node allocation errors.
  • Test the fix to confirm resolution of kernel panics.

The following table lists the changes that have been made to the CVE-2026-45960 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 27, 2026

    Action Type Old Value New Value
    Added Description (same text as the Description section above)
    Added Reference https://git.kernel.org/stable/c/1ca428769cb4737a25bd32fb4d1573cc09eeaeef
    Added Reference https://git.kernel.org/stable/c/2e6ff6a6fc69cc17ed10c9cb6242935d52acd52d
    Added Reference https://git.kernel.org/stable/c/2e9185a42e0e237c74435fd092b7c34537c62156
    Added Reference https://git.kernel.org/stable/c/507a1de58c21c95ad7c44afccaf1222d1c42246b
    Added Reference https://git.kernel.org/stable/c/51838112d9c22502333c3085ca0c0d691e7093c6
    Added Reference https://git.kernel.org/stable/c/7b57ada854b32310f224abd61bcfec2d5790ff0a
    Added Reference https://git.kernel.org/stable/c/986455135b95f32c1f142068e451098fc751749e
    Added Reference https://git.kernel.org/stable/c/d8a73cc46c8462a969a7516131feb3096f4c49d3