CVE-2025-13350— Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-13350
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privilege escalation (LPE) caused by a use-after-free (UAF). Ubuntu builds that have already taken the new GC stack from commit 4090fa373f0e, and mainline Linux kernels shipping that infrastructure are unaffected because they no longer execute the legacy collector path. This issue affects Ubuntu Linux from 6.8.0-56.58 before 6.8.0-84.84.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Canonical Ubuntu 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Canonical Ubuntu是英国科能软件(Canonical)公司的一套以桌面应用为主的GNU/Linux操作系统。 Canonical Ubuntu 6.8.0-56.58至6.8.0-84.84之前版本存在安全漏洞,该漏洞源于AF_UNIX垃圾收集器存在释放后重用问题,可能导致可靠的本地权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Canonical | Ubuntu Linux | 6.8.0-56.58 ~ 6.8.0-84.84 | - |
II. Public POCs for CVE-2025-13350
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-13350
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Canonical
- CVE-2026-6970
authd Denial of Service and Local Privilege Escalation - CVE-2026-6369
Exposed Session Token in canonical-livepatch client snap - CVE-2026-5412
Juju CloudSpec API could leak senstive information - CVE-2026-5774
Juju API Server Denial of Service and Authentication Replay - CVE-2025-14551
Senstive information disclosure was affecting subiquity
V. Comments for CVE-2025-13350
No comments yet