PT-2025-28356 · Linux+6 · Linux Kernel+6
Jann Horn
·
Published
2025-06-18
·
Updated
2026-05-07
·
CVE-2025-38236
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 6.9 and earlier, including versions prior to 6.1.143, 6.6.96, 6.12.36, and 6.15.5.
Description:
The Linux kernel contains a use-after-free vulnerability in the
af unix module, specifically within the unix stream read generic() function. This flaw can be triggered by sending crafted AF UNIX socket messages, potentially allowing a local attacker to achieve privilege escalation and bypass the Chrome sandbox. The vulnerability occurs when handling out-of-band (OOB) data, where consecutive consumed OOB skbs are not properly managed, leading to memory corruption. A proof-of-concept exploit is publicly available.Recommendations:
Upgrade to Linux kernel version 6.1.143 or later.
Upgrade to Linux kernel version 6.6.96 or later.
Upgrade to Linux kernel version 6.12.36 or later.
Upgrade to Linux kernel version 6.15.5 or later.
Upgrade to Linux kernel version 6.6.101 or later.
Exploit
Fix
LPE
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu