PT-2026-23496 · Canonical · Ubuntu
Noam Rathaus
·
Published
2026-03-05
·
Updated
2026-03-09
·
CVE-2025-13350
CVSS v4.0
7.1
High
| Vector | AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Ubuntu Linux versions 6.8.0-56.58 through 6.8.0-84.84
Description
The Ubuntu Linux kernel retains a legacy AF UNIX garbage collector that, when combined with a backported upstream commit, can lead to a use-after-free condition. Specifically, orphaned MSG OOB sockets, when processed by the
unix gc() function, may result in memory being freed while still reachable. Subsequent queue walks then dereference this freed memory, potentially leading to local privilege escalation (LPE). This occurs because the garbage collector incorrectly assumes OOB SKBs hold two references when they only have one. Systems using the new garbage collector stack are not affected.Recommendations
Update to Ubuntu Linux version 6.8.0-84.84 or later.
Fix
LPE
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ubuntu