CVE-2025-68778Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count14 documents7 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 88.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedJan 13
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current transaction, as this can result an attempt to have a directory with two hard links during log replay, one for the old parent directory and another for the new parent directory. The following scenario triggers

Affected Packages15 packages

Linuxlinux/linux_kernel4.8.06.1.160+3
Debianlinux/linux_kernel< 6.1.162-1+2

🔴Vulnerability Details

3
OSV
btrfs: don't log conflicting inode if it's a dir moved in the current transaction2026-01-13
OSV
CVE-2025-68778: In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction2026-01-13
GHSA
GHSA-g468-fxhj-fm89: In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction2026-01-13

📋Vendor Advisories

9
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-68778 Impact, Exploitability, and Mitigation Steps | Wiz