PT-2025-18396 · Linux+6 · Linux Kernel+6

Published

2025-04-08

·

Updated

2026-04-20

·

CVE-2025-23142

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, which could lead to a use-after-free read when sending messages using the sctp sendmsg() function. This occurs when another thread removes the selected transport after the message chunks have been set up and before the message is sent, potentially happening when the send buffer is full and the sender thread temporarily releases the socket lock in sctp wait for sndbuf(). The issue is avoided by having sctp transport free() signal the freeing of the transport and tagging it as "dead".
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-12091
CVE-2025-23142
DLA-4178-1
DLA-4193-1
ECHO-1C44-2601-08C5
OESA-2025-1878
OESA-2025-1879
OESA-2025-1880
OESA-2025-2554
OESA-2025-2555
RHSA-2026:0457
RHSA-2026:0489
RHSA-2026:0537
RHSA-2026:0576
RHSA-2026:1441
RHSA-2026:1443
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu