CVE-2025-68789 — Time-of-check Time-of-use (TOCTOU) Race Condition in Kernel

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition5 documents4 sources

Severity

—N/A

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel

Timeline

PublishedJan 13

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free. Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.

Affected Packages2 packages

▶Linuxlinux/linux_kernel2.6.24 — 5.10.248+4

▶Debianlinux/linux_kernel< 6.1.162-1+2

🔴Vulnerability Details

OSV

CVE-2025-68789: In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store() f↗2026-01-13

▶

OSV

hwmon: (ibmpex) fix use-after-free in high/low store↗2026-01-13

▶

GHSA

GHSA-gcc6-9ff3-rhhh: In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) fix use-after-free in high/low store The ibmpex_high_low_store()↗2026-01-13

▶

📋Vendor Advisories

Red Hat

kernel: hwmon: (ibmpex) fix use-after-free in high/low store↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68789 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶