CVE-2025-13350

CWE-416 — Use After Free6 documents6 sources

Severity

7.1HIGH

EPSS

0.0%

top 99.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux

Timeline

PublishedMar 5

Description

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privilege …

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H

Affected Packages32 packages

▶CVEListV5canonical/ubuntu_linux6.8.0-56.58 — 6.8.0-84.84

▶Ubuntulinux< 6.8.0-84.84

▶Ubuntulinux-aws< 6.8.0-1039.41

▶Ubuntulinux-gcp< 6.8.0-1040.42

▶Ubuntulinux-gke< 6.8.0-1036.40

🔴Vulnerability Details

OSV

CVE-2025-13350: Ubuntu Linux 6↗2026-03-05

▶

GHSA

GHSA-7c4q-hg77-9jfj: Ubuntu Linux 6↗2026-03-05

▶

CVEList

Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel↗2026-03-05

▶

📋Vendor Advisories

Debian

CVE-2025-13350: linux - Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports u...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-13350 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶