CVE-2025-21700Use After Free in Linux

CWE-416Use After Free72 documents8 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.5
EPSS
0.0%
top 94.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedFeb 13
Latest updateNov 21

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to gr

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDlinux/linux_kernel2.6.125.4.291+6
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-214.234+4
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2cd796e269123e1994bfc4e99dd76680ba0946a97+8
debiandebian/linux< linux 6.1.129-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

34
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-26
OSV
linux-raspi-realtime vulnerabilities2025-05-20
OSV
linux-xilinx-zynqmp vulnerabilities2025-05-02

📋Vendor Advisories

37
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-132232025-11-21
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-217002025-10-10
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-26